undefined | Better HN

0 pointsxnorswap3y ago0 comments

That's a really bad attitude. I ran into a bug in NPM that prevented our CI builds running entirely.

That NPM bug still isn't fixed (despite the bug having minor security implications), but there's no way I'm re-writing everything to not use NPM, it would be absurd, nor is it sensible to fork NPM and invest time into fixing the bug.

I ended up putting in effort to work around the bug entirely, but it was only coincidence that we could go without the feature that triggered the bug because we were going to deprecate that module anyway.

Are you really suggesting that developers don't "lock themselves in" to NPM? It's one of the most prolific projects that exists and it would be career limiting to avoid using a package manager or all dependencies entirely.

0 comments

creakingstairs3y ago

You probably already know but I found patch-package [1] to be crucial when relying on minor npm packages. It’s so freeing to be able to just fix it on your end and move on (and also raise a PR against the package)

[1] https://www.npmjs.com/package/patch-package

xnorswapOP3y ago

Thanks, but this was a bug in npm itself.

creakingstairs3y ago

Ah my bad! Luckily I haven’t ran into one of those yet and I’m hoping I never will :p

flippinburgers3y ago

It sounds like you have informed npm about the issue? If it is a widely faced issue, chances are that the maintainers will fix the bug. On the other hand you might be using npm in a way that is rather fringe.

prmph3y ago

You could try pnpm or yarn?

sokoloff3y ago

Was the same bug in yarn?

j / k navigate · click thread line to collapse