
Analysing 1.65M versions of Node.js modules in NPM - coldcode
https://blog.nodeswat.com/what-i-learned-from-analysing-1-65m-versions-of-node-js-modules-in-npm-a0299a614318#.8f3ifd27r
======
AgentME
>but we all remember the left-pad incident, right? It proved that having lots
of dependencies might actually not be the best thing.

npm no longer allows dependencies to be unpublished after they've been up for
24 hours. The issue that happened with left-pad was solved.

It's possible for someone to instead publish a new non-functional version of a
package, but I don't think that's unique to npm, and that won't affect people
who have pinned to a specific version of the package.

------
psuter
For those interested in the topic, we ran a related set of experiments
recently [1], and cross-referenced npm packages with (a subset of) JavaScript
GitHub projects to see how packages and versions are used in practice.

[1] [http://www.apiful.io/intro/2016/06/01/npm-analysis.html](http://www.apiful.io/intro/2016/06/01/npm-analysis.html)

------
thinkMOAR
At first I thought you made a typo with 1.65 million

"Grab a cup of coffee and enjoy the deep dive into the NPM ecosystem."

Now taking my last sip of the coffee, I'm happy never to have spent a single
second on node.js. The rapid and simple development via node.js does not weigh
up to the bizarre number of dependencies and crazy stuff that can originate from
that.

Interesting to see in your stats there is a decline in development, at least
of new modules. Either the ideas people can come up with are drying up, or I'd
be inclined to say (interest in) Node.js development is in decline?

------
ilaksh
I have never had a package break between dev and prod when using versions like
^x.x.x.

Also, you need to test and ideally stage before deployment.

If you don't want to deploy with `npm i` then just copy the files or compress
and then copy that and uncompress.

Also the new flat modules reduce the total install time.

The author advocates copy-pasting code rather than including small modules. To
me this is very misguided.

Npm is the greatest code-reuse system ever created. The failure of software
engineers to recognize that is an indication to me of a lack of depth of
engineering knowledge and experience.

Deploys may take a few minutes. You just need to factor that and don't switch
off prod servers until updated ones are ready.

~~~
merb
Code reuse is fine, but taking that over the top is not fine. The same with
Java some things actually do too much.

Especially dealing with many external dependencies is a real pain. A really
big one.

~~~
ilaksh
I found the many dependencies to be a pain very early on when I was not
specifying versions in my package.json.

Now I use npm i --save which gets versions so... it really is not a pain to
have many dependencies with npm.

In Java and many other systems, yes, it is very painful. npm is different.
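The thread above turns on two things: AgentME's point that a newly published version cannot affect someone who has pinned an exact version, and ilaksh's use of `^x.x.x` ranges. The following is an added example, not code from the article or from any commenter, that implements npm's caret-range rule in a few lines and resolves the same range against two constructed registry snapshots (before and after a maintainer publishes a new version). It shows concretely why a caret range can silently change what `npm i` installs while an exact pin does not. The version lists are constructed, and the parser assumes plain `x.y.z` versions with no prerelease tags.

```javascript
// Added example (not from the article or the thread): a minimal caret-range
// resolver showing how "^x.x.x" drifts to a newly published version while an
// exact pin stays put. Assumes plain x.y.z versions; registry lists are constructed.

function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version string: ${v}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

// Numeric comparison of two x.y.z strings: negative, zero or positive.
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

// Caret semantics as npm documents them: allow changes that do not modify the
// left-most non-zero component.
//   ^1.2.3 -> >=1.2.3 <2.0.0
//   ^0.2.3 -> >=0.2.3 <0.3.0
//   ^0.0.3 -> >=0.0.3 <0.0.4
function caretUpperBound(base) {
  const [major, minor, patch] = parseVersion(base);
  if (major > 0) return `${major + 1}.0.0`;
  if (minor > 0) return `0.${minor + 1}.0`;
  return `0.0.${patch + 1}`;
}

function satisfies(version, range) {
  if (range.startsWith('^')) {
    const base = range.slice(1);
    return compareVersions(version, base) >= 0 &&
           compareVersions(version, caretUpperBound(base)) < 0;
  }
  // Anything without a range operator is treated as an exact pin.
  return compareVersions(version, range) === 0;
}

// Highest available version that satisfies the range, or null if none does.
function resolve(range, available) {
  const candidates = available.filter(v => satisfies(v, range));
  if (candidates.length === 0) return null;
  return candidates.sort(compareVersions).pop();
}

// Constructed registry snapshots: before and after a maintainer publishes 1.3.0.
const REGISTRY_BEFORE = ['1.2.0', '1.2.3'];
const REGISTRY_AFTER = ['1.2.0', '1.2.3', '1.3.0'];

function demonstrateDrift() {
  return {
    caretBefore: resolve('^1.2.3', REGISTRY_BEFORE),  // 1.2.3
    caretAfter: resolve('^1.2.3', REGISTRY_AFTER),    // 1.3.0: install result changed
    pinnedBefore: resolve('1.2.3', REGISTRY_BEFORE),  // 1.2.3
    pinnedAfter: resolve('1.2.3', REGISTRY_AFTER),    // 1.2.3: unchanged
    zeroMajor: resolve('^0.2.3', ['0.2.3', '0.2.9', '0.3.0']), // 0.2.9
  };
}

console.log(demonstrateDrift());
```

The practical takeaway for a defender is that a caret range in package.json is a policy of "trust every future minor and patch release of this package"; an exact pin (or a committed lockfile) turns that into "trust exactly the version I reviewed", which is the property AgentME's comment relies on.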

