undefined | Better HN

0 pointshalapro5d ago0 comments

> WTF is wrong with JS developers

Don't confuse "one idiot who wants to support Node 0.4 in 2026" with "JS developers". Everybody hates this guy and he puts his hands into the most popular packages, introducing his junk dependencies everywhere.

0 comments

saghm5d ago

If everyone hates him and thinks his dependencies are junk, why would anyone let him introduce them to popular packages? Clearly there are at least some people who are indifferent enough if the dependencies are getting added elsewhere

halaproOP4d ago

OSS is not a democracy. If he controls packages with millions of downloads, you either follow what he does or fork the packages, which is what the article is about.

And even then the vast majority of people will continue to use his packages because they don't care or don't have time to investigate bloat.

saghm2d ago

> OSS is not a democracy. If he controls packages with millions of downloads, you either follow what he does or fork the packages, which is what the article is about.

My point is that in order for any other package not controlled by him, there needs to be someone choosing to depend on them (either by adding it themselves or merging a change that adds it). Whoever that is clearly doesn't seem to hate it as much as you claimed.

> And even then the vast majority of people will continue to use his packages because they don't care or don't have time to investigate bloat.

So in other words, you were grossly exaggerating when you said "everyone" hates the junk dependencies. By your own words, the vast majority of people don't seem to really care enough about it to do anything.

Maxion5d ago

The other problem is that this is a bit of a circular path, with deps being so crap and numerous, upgrading existing old projects become a pain. There are A LOT of old projects out there that haven't been updated simply because the burden to do so is so high.

albedoa4d ago

The guy you are responding to is longing for what was possible two decades ago. He is that one idiot. He even replied to your comment with confirmation!

userbinator5d ago

Then I wish there were more of these "idiots who want to support Node 0.4 in 2026". Maybe they're the ones with the common sense to value stability and backwards compatibility over constantly trendchasing the new and shiny and wanting to break what was previously working in the misguided name of "progress".

josephg5d ago

NodeJS has a clear support schedule for releases. Once a version of nodejs is EOL, the node team stops backporting security fixes. And you should really stop using it. Here's the calendar:

https://nodejs.org/en/about/previous-releases

Here's a list of known security vulnerabilities affecting old versions of nodejs:

https://nodejs.org/en/about/eol

In my opinion, npm packages should only support maintained versions of nodejs. If you want to run an ancient, unsupported version of nodejs with security vulnerabilities, you're on your own.

userbinator4d ago

"support" and "works" are two different things.

Griffinsauce5d ago

You wouldn't if you look more deeply at this. He doesn't push for simplicity but for horrible complexity with an enormous stack of polyfills, ignoring language features that would greatly reduce all that bloat. .

userbinator4d ago

That's also a problem. I've written JS that would work on any browser from the latest ones all the way back to IE5, and I'm not even a professional JS developer. It's not hard.

Maybe "professional" is the problem: they're incentivised to make work for themselves so they deliberately add this fragility and complexity, and ignore the fact that there's no need to change.

j / k navigate · click thread line to collapse

0 comments

saghm5d ago

halaproOP4d ago

OSS is not a democracy. If he controls packages with millions of downloads, you either follow what he does or fork the packages, which is what the article is about.

And even then the vast majority of people will continue to use his packages because they don't care or don't have time to investigate bloat.

saghm2d ago

> OSS is not a democracy. If he controls packages with millions of downloads, you either follow what he does or fork the packages, which is what the article is about.

> And even then the vast majority of people will continue to use his packages because they don't care or don't have time to investigate bloat.

Maxion5d ago

albedoa4d ago

The guy you are responding to is longing for what was possible two decades ago. He is that one idiot. He even replied to your comment with confirmation!

userbinator5d ago

josephg5d ago

NodeJS has a clear support schedule for releases. Once a version of nodejs is EOL, the node team stops backporting security fixes. And you should really stop using it. Here's the calendar:

https://nodejs.org/en/about/previous-releases

Here's a list of known security vulnerabilities affecting old versions of nodejs:

https://nodejs.org/en/about/eol

In my opinion, npm packages should only support maintained versions of nodejs. If you want to run an ancient, unsupported version of nodejs with security vulnerabilities, you're on your own.

userbinator4d ago

"support" and "works" are two different things.

Griffinsauce5d ago

userbinator4d ago

That's also a problem. I've written JS that would work on any browser from the latest ones all the way back to IE5, and I'm not even a professional JS developer. It's not hard.

Maybe "professional" is the problem: they're incentivised to make work for themselves so they deliberately add this fragility and complexity, and ignore the fact that there's no need to change.

j / k navigate · click thread line to collapse