
Left-pad as a service - manojlds
http://left-pad.io/
======
c4n4rd
This is really exciting!!! I was a bit disappointed that the right-pad will be
out only in 2017. I am looking forward to that release because there is a high
demand for it now.

What kind of load balancing is being used on the back-end? I called
leftpad(str, ch, len) with the length I needed and noticed that is not very
scalable because it is blocking.

A better approach I would recommend to those using it is to call the API in a
for loop. In my tests, it had performance very close to those I see in C or
assembly.

I was a bit turned off that the free version can only handle strings up to
1024 in length. I know you need to make some money, but it is big turn off for
a lot of my projects.

Edit: I finally signed up for it but still noticed that I am only allowed to
use 1024. I called your customer support line and they said I was calling the
API from multiple IP addresses and for that I need an enterprise license.
Please help me with this issue, it is very crucial at this point as my project
is in a complete stop because of this.

~~~
jameshart
Best practice for performance for large left-pad jobs is to call the service
recursively using mapreduce. Remember that left-pad(str,pad,n) is equal to
left-pad(left-pad(str,pad,n/2),left-pad("",pad,n/2),n). This should run in
logarithmic time and is highly parallelizable.

If you don't like the "" magic string in there you could replace it with a
call to left-pad(null, null,0).

~~~
capitalsigma
oh god it's too real

~~~
lucastx
Poe's law for programming culture extremists

------
pilif
As a very sarcastic person, I highly approve of this. This absolutely reflects
my opinion of all this mess.

Thank you for making this site so that I don't have to write an opinion piece
like everybody else seems to have to. Instead, if asked about the issue, I can
just point them at this site.

Yes. This isn't constructive, but this mess had so many layers that I really
can't point to a single thing and offer a simple fix as a solution.

As such I'm totally up for just having a laugh, especially when it really
isn't being nasty against specific people but just laughing about the whole
situation.

Thank you to whoever made this

~~~
ukyrgf
I don't expect to come across irreverent comedy on Hacker News, so I think the
site is great! Creator:
[https://twitter.com/gabrielgironda](https://twitter.com/gabrielgironda)

------
faizshah
I don't understand why this community has to have a weekly cycle of bashing
different programming communities. Every week there's a new drama thread
bashing Java devs, Go devs, Javascript devs etc. The thing that I come to this
community for every week is to read about new developments in our industry, if
you don't come here for that then what are you coming here for?

And wasn't it just a few months ago people were praising the innovation of
Urbit for having a 'global functional namespace'? But because it's popular to
hate on javascript devs for applying -- sorry, I forgot this was javascript
bashing week -- for reinventing concepts from other areas in computer science
and software engineering the HN community has to start hating on another
programming community's work.

That said this is a pretty funny satirical page, apologies to the author for
venting at the HN community.

~~~
TickleSteve
its called self-regulation.

Each community has its own quirks and extremes as seen by everyone else.
Without the bashing, they would become even more extreme. At least after this
a lot of devs will think twice about making "micro-modules".

~~~
faizshah
If that were true java would have started dying a few years ago, javascript
frameworks wouldn't pop up every week, and most people would use shell scripts
instead of build tools. This is exactly the kind of flame war stuff the
guidelines seem to have tried to stop.

~~~
TickleSteve
I think that self-regulation is a real effect... tho tempered by momentum
(i.e. Java's OOP/abstractionism momentum is huge).

Saying the effect exists says nothing about the effectiveness of that effect.

~~~
faizshah
I was referring to:

>Without the bashing, they would become even more extreme. At least after this
a lot of devs will think twice about making "micro-modules".

I don't think this "self-regulation" (I called this bashing, the guidelines
call this flaming) is going to make people think twice about making micro
modules. If they are useful they will be used, I think this community is
better than to just bash these communities and call it 'self regulation.'

------
supjeff
I went ahead and made an SDK [https://www.npmjs.com/package/left-pad-io-js-
sdk](https://www.npmjs.com/package/left-pad-io-js-sdk)

~~~
noiv
The try in browser fails with an unexpected token syntax error. Do you accept
PRs?

~~~
Hortinstein
I submitted a pull req to fix them...and added some tests. Sarcastic
programming is fun!

------
mschulze
As a Java developer, I am a bit jealous. When people joke about us we usually
only get a link to the Spring documentation of
AbstractSingletonProxyFactoryBean (or maybe the enterprise hello world), but
no one ever wrote that as a service. Maybe someone can do that?
[https://abstractsingletonproxyfactorybean.io](https://abstractsingletonproxyfactorybean.io)
seems to be available!

~~~
talles
Jesus Christ, is that a real thing!?

[http://docs.spring.io/autorepo/docs/spring/2.5.x/api/org/spr...](http://docs.spring.io/autorepo/docs/spring/2.5.x/api/org/springframework/aop/framework/AbstractSingletonProxyFactoryBean.html)

~~~
8note
> Convenient proxy factory bean superclass for proxy factory beans that create
> only singletons.

that actually makes sense to somebody?

~~~
haldean
Not sure what about that is hard to understand, it's a convenient proxy
factory bean superclass for proxy factory beans that create only singletons.
Says it right there on the page.

~~~
DCoder
Exactly, just like a monad is just a monoid in the category of endofunctors!

------
nogridbag
I'm late to the left-pad discussion. I thought it was considered a bad
practice to depend on an external repo as part of your build process. At my
company we use Artefactory to host our maven libs. Even if one were removed
maven central our builds would continue to work fine (in theory).

~~~
mikeash
I'm always surprised at how common this is. You check out some repository, and
it ends up having to fetch more stuff from all over creation. Whether it's
just git submodules or some more sophisticated dependency manager, it seems
like an obviously bad idea.

It's OK if they're pulling from other repositories you own, but requiring
external repositories as part of the checkout process seems like an obvious
point of failure. There's all sorts of possibilities for malicious activities,
and just plain downtime will affect you too. Storage is cheap, so it seems
like there ought to be no reason _not_ to pull in external dependencies and
save them locally. Dependency managers should support and encourage this
rather than defaulting to just referencing some random stuff off in space.

~~~
toyg
The reason is maintenance. Once you set up yet-another-repo-mirror (after your
apt, rpm, nuget, pypi etc mirrors), someone needs to keep it up, back it up,
secure it, refresh the packages, etc etc.

It's "cloud culture": rely on some else's maintenance effort and just work on
your own problems. Like all things, it has drawbacks.

~~~
mikeash
I don't buy it. You need a place to keep your own repository, and once you
have that, keeping copies of other repositories is pretty much free. Keeping
up, backing up, and securing N repositories is no more work than doing that
for one repository. You can still outsource this, even. There's nothing wrong
with using GitHub or Bitbucket or whatever for your repositories, just make
sure that you're using _your_ repositories, not relying on other people's.

The only thing that potentially gets harder is refreshing the packages, and
I'd argue that's actually a _good_ thing because that's really just saying
that packages don't randomly change out from under you. In any case, your
package manager should make it easy to refresh them when you want to, just say
"go update that dependency to the latest available from the official source"
and let it do its thing. If package managers don't offer this, they need to
start.

~~~
toyg
You need a place _and a person who knows all this stuff_ (or likely more than
one). That's expensive and hard, as knowledge of _all_ these setvices has to
be correctly handed over across people and over time. That's _on top_ of org-
specific processes that are likely more important and more byzantine, which
means they have priority. So the day your awesome_pkg_server breaks, nobody
remembers how and why it was set up, and the whole thing is scrapped. Back to
square 1. This assuming you actually have one or two people with enough free
time in the first place...

Whereas standard "fetch package" scripts are trivial, and each individual
stack is known well enough by developers working on it every day that there is
zero administration and little need for extensive knowledge transfer... At
least until left-pad disappears from under your feet; but that's rare enough
that the trade-off is worth it overall (or people cannot even imagine it ever
happening).

I'm not saying this is how it should be, I'm just describing why a lot of
people do what they do.

Maybe the solution is an overall simplification and harmonization of all these
services, so that the responsible option and the lazy option won't differ so
much. You could have something like a prebuilt "repo server" image that can be
downloaded and configured quickly, and which will then auto-cache all
requested packages across different services. Cache invalidation would still
be tricky but could be triggered selectively from an admin panel. Maybe all
this should be packed into CI servers by default...

------
andy_ppp
Hahaha - isn't it hysterical how everyone using npm for small reusable code
pieces! Aren't they morons! How stupid of people to trust their package
manager to be consistent and correct and return packages they were expecting.

How stupid of people to reuse small often used functions that only do one
thing well.

How does everyone taking the piss intend to protect themselves from this in
their OS package manager, or PPM or composer or pip?

It's not javascript devs fault that the standard library is so piss poor you
need these short code snippets and I've definitely included small 5-10 line
packages via npm or other package managers rather than roll my own because
it's likely they have bug fixes I haven't considered. I can also use npm to
share these snippets between the many projects I'm building.

* No I wasn't affected by this because I review the packages that I want to include, however the level of smugness here is absolutely ridiculous.

~~~
pdkl95
> How stupid of people to reuse small often used functions that only do one
> thing well.

This is a straw man argument. The reason so many people are criticizing left-
pad _et al_ is about the cost of adding a dependency.

> trust their package manager

That's exactly the problem: you're assuming that a package manager can be
trusted. The network isn't reliable, packages can changed innocently or
maliciously, and mistakes happen.

The "stupid" part is pretending these have zero risk, and the part that makes
some people angry is when they also have to depend on this zero-risk
assumption transitively through another library.

> It's not javascript devs fault that the standard library is so piss poor

Nobody is claiming it was. However, Javascript devs _are_ responsible when
they add critical dependencies on external components. They are also
responsible when they publish libraries that extend those critical
dependencies to the people that use their library without a _very_ good
reason.

~~~
naasking
> This is a straw man argument. The reason so many people are criticizing
> left-pad et al is about the cost of adding a dependency.

The cost of a dependency for a good package manager is zero, and the cost of
not having that dependency is non-zero. So the problem is with NPM, not with
adding a dependency.

~~~
deong
"Zero" isn't a cost of anything -- there's no free lunch.

NPM, like any package manager, pretty much blindly accepts user input. I, as a
module maintainer, could happily change every single function in my modules to

    
    
        function whatever() {
            return "WHHEEEEEEE!!!";
        }
    

and check it in. Doing that will result in no fewer problems than just
deleting the module entirely, and it's not NPM or any other similar package
manager's responsibility to vet changes. Obviously _curated_ package managers
like those used by most Linux distributions do carry some responsibility, but
even then, there's not ZERO risk.

~~~
naasking
Except a _good_ package manager will let you specify exactly which version you
wish to depend upon, so any changes you make upstream will have no effect on
people who protect themselves against automatic version updates.

Seriously, the properties of good package management should be obvious by now.
Any design that can break dependents _and there 's nothing they can do to
protect themselves_ is broken.

~~~
coldtea
And wait till you hear what a sufficiently smart compiler can do!

[http://c2.com/cgi/wiki?SufficientlySmartCompiler](http://c2.com/cgi/wiki?SufficientlySmartCompiler)

~~~
Bjartr
But there already exist package managers that let you pin to a specific
version like he's saying they should e.g. Maven, so I don't think your link
quite applies here.

~~~
coldtea
Npm allows that too -- you just specify an explicit version number, e.g.
"1.5.3" instead of "*" or "^1.5.3" etc.

My comment was against this belief that "smarter" tools in general are some
sort of panacea.

For example pining to a specific version won't help you match if the package
is removed altogether (as in this case), and ever worse if it's replaced
afterwards by another (newly registered) with an incompatible same version
out. It won't try to overwrite your specific install of course (since the
version already matches what you have), but you'll feel the pain when you try
to duplicate/deploy etc a new install with the same package listing --
suddenly the package either won't be there (or will be modified in the worst
case scenario).

So, then we opt for ever more features of a "sufficiently smart package
manager", e.g. signatures, permanence of anything published etc...

------
icefox
Nice, it is even bug compatible

[http://api.left-pad.io/?str=foo&len=7&ch=12](http://api.left-
pad.io/?str=foo&len=7&ch=12)

return {"str":"12121212foo"} and not {"str":"1212foo"}

~~~
frandroid
Probably because they use the package itself?

------
huskyr
Reminds me of Fizzbuzz enterprise edition:
[https://github.com/EnterpriseQualityCoding/FizzBuzzEnterpris...](https://github.com/EnterpriseQualityCoding/FizzBuzzEnterpriseEdition)

~~~
esailija
fizzbuzz npm edition:

    
    
        var zero = require("number-zero");
        var hundred = require("number-one-hundred");
        var isDivisibleBy5 = require("is-divisible-by-5");
        var isDivisibleBy3 = require("is-divisible-by-3");
        var isDivisibleBy5and3 = require("is-divisible-by-5-and-3");
        var numberToString = require("number-that-is-between-one-and-hundred-to-string");
        var fizzbuzz = require("string-fizz-buzz");
        var fizz = require("string-fizz");
        var buzz = require("string-buzz");
        var incrementByOne = require("increment-by-one");
        var forLoop = require("for-loop");
        var ifCondition = require("if-condition");
        var elseIfCondition = require("else-if-condition");
        var elseCondition = require("else-condition");
        var lessThan = require("less-than");
        var print = require("print-string");
    
        forLoop(zero, lessThan(hundred), incrementByOne, function(i) {
            condition(isDivisibleBy5and3, print(fizzbuzz),
                elseIfCondition(isDivisibleBy3, print(fizz),
                    elseIfCondition(isDivisibleBy5, print(buzz),
                        elseCondition(print(numberToString(i))))));
        });

~~~
sidthekid
This must be what heaven feels like!

------
jaxondu
It's 2016! Left-padding without any deep learning algorithm is so lame.

------
gumby
HELP!! The CEO heard about this new service and now my manager told me we need
to upgrade all our packages to this new service ASAP! But there's nothing on
stack overflow I can use to change our system! I need to get this pilot done
STAT so we can plan the migration and send it out for bid!

HELP!!

------
beeboop
Tomorrow: left-pad.io announces $120 million investment at $1.2 billion
valuation

Month from now: left-pad announces purchase of $170 million office building in
SV to house their 1200 employees

~~~
swasheck
Eighteen months from now: left-pad announces massive reduction in workforce.
1150 laid off.

------
jeffreylo
Doesn't work with unicode characters:

# ~ [8:47:18] $ curl '[https://api.left-
pad.io/?str=點看&len=5&ch=0'](https://api.left-pad.io/?str=點看&len=5&ch=0')
{"str":"￩ﾻﾞ￧ﾜﾋ"}%

~~~
mynewtb
What do you mean? It returned a string just fine.

------
andrepd
>`left-pad.io` is 100% REST-compliant as defined by some guy on Hacker News
with maximal opinions and minimal evidence.

Wonderful

------
Flott
I'm desperately looking for some feedback from big users.

\- Does it scale well?

\- Is it pragmatic for long term use scenario?

\- Is it Thread safe?

\- Does it learn from previous call made to the API?

\- Does it have a modern access layer?

\- Does it enforce 2nd factor authentication?

\- Is it compatible with Docker containers?

\- What about multi-region scenarios?

\- Any benchmark available showing usage with AWS + cloudflare + Docker + a
raspberry pi as LDAP server?

~~~
mirekrusin
There are rumors twitter is talking to those guys about 140 len version, they
are likely to be acquired. We need to wait to see. Tomorrow we should know.

------
rfrey
I'm very disappointed in the creators' choice of font for their landing page.
Practically unreadable, my eyes burned.

~~~
hnbroseph
and the scrolling behavior. my goodness.

------
maremmano
What about splitting left and pad in two microservices?

~~~
TickleSteve
3 maybe.... iteration-as-a-service also??

~~~
tromp
2 micro-services should suffice for all computation:

    
    
        $ curl 'https://api.S.io/?x=x&y=y&z=z'
        {"S":"x z (y z)"}
    
        $ curl 'https://api.K.io/?x=x&y=y'
        {"K":"x"}

~~~
TickleSteve
...now theres an idea for a new language.... slightly verbose tho....

~~~
GregBuchholz
[http://www.madore.org/~david/programs/unlambda/](http://www.madore.org/~david/programs/unlambda/)

------
yvoschaap2
While very useful SaaS, I always use the tweet package manager from
[http://require-from-twitter.github.io/](http://require-from-
twitter.github.io/)

------
p4bl0
As a friend said on IRC, it's kind of sad that the website is not made with
bootstrap.

------
gexla
Can someone explain to me why I might need this? I checked the site and the
documentation is horrible. The site isn't professionally done and there are no
videos.

Can I rely on this service going to be around in 5 years? It just seems like
this company might be, you know, a feature rather than a company.

------
stared
I am waiting for "integer addition as a service" (vide
[http://jacek.migdal.pl/2015/10/25/integer-
addition.html](http://jacek.migdal.pl/2015/10/25/integer-addition.html)).

~~~
deadcast
I'm working on it now. All plans will be free except if you want to use
negative numbers. AWS will charge me more for 1 + (-1) as opposed to a 1 + 1
operation.

------
sansjoe
A programmer is someone who writes code, not someone who installs packages. Do
you really need someone else to pad strings for you? Come on.

------
a_imho
My gut feeling tells me serious software engineers who look down on javascript
programmers are feeling justified now. Brogrammers are exposed, hence the lot
of knee jerk. Indeed, it is pretty funny, but dependency management still
remains a hard problem.

------
Jordrok
Very nice! Any plans for integration with
[http://shoutcloud.io/](http://shoutcloud.io/) ? I would love to have my
strings both left padded AND capitalized, but the APIs are incompatible. :(

------
venomsnake
I don't think this is enterprise ready. And I am not sure that they are able
to scale their service. Left padding is serious business.

------
TickleSteve
Presumably this is using a docker instance on AWS or the like? </sarcasm>

BTW: Well done... nothing like rubbing it in. :o)

~~~
athrun
I suspect API Gateway + Lambda.

------
creshal
I need a SOAP binding for this, because reasons.

~~~
dozzie
Funny way to spell CORBA.

------
chiph
Needs more Enterprise. Where are the factory factory builders?

~~~
mhd
If it doesn't have a CORBA _and_ EJB interface, it's not enterprise.

------
danexxtone
Where do I sign up for alpha- or beta-testing for right-pad.io?

~~~
afandian
I think they're announcing an MVP soon.

~~~
borplk
They are raising $10M Series A lead by Sequoia

------
facepalm
Cool, but it would be more useful if they had a npm module for accessing the
service.

~~~
eric001
[https://www.npmjs.com/package/left-pad-
io](https://www.npmjs.com/package/left-pad-io)

------
ChemicalWarfare
BUG! (I think) using '#' as a 'ch' value pads the string with spaces:

$ curl '[https://api.left-pad.io/?str=wat&len=10&ch=#'](https://api.left-
pad.io/?str=wat&len=10&ch=#')

{"str":" wat"}

Please provide github link to fork/submit pr :)

~~~
pfooti
Pretty sure you have to urlencode hashes, don't you? What happens if you do
ch=%23?

~~~
ChemicalWarfare
good point :) API needs to add a POST support with explicit description of
rationale being the need to url encode characters when using a GET.

Also needs HATEOAS.

------
bflesch
I get an error

    
    
      {"message": "Could not parse request body into json: Unexpected character (\'o\' (code 111)): was expecting comma to separate OBJECT entries\n at [Source: [B@6859f1ef; line: 2, column: 22]"}
    

when using double quotes. It seems some JSON parsing fails. Not sure if this
can be exploited, so I wanted to let you know.

Demo link: [https://api.left-pad.io/?str=%22;](https://api.left-
pad.io/?str=%22;)

~~~
adam-ff
I get an error changing the example request from 68 to 67 characters:

[https://api.left-
pad.io/?str=paddin%27%20oswalt&len=67&ch=@](https://api.left-
pad.io/?str=paddin%27%20oswalt&len=67&ch=@) {"message": "Could not parse
request body into json: Unrecognized character escape \'\'\' (code 39)\n at
[Source: [B@38ac0021; line: 2, column: 21]"}

------
ritonlajoie
I'm looking for a Left-pad specialized linux distro. Anyone ?

------
cmancini
This is great, but I'll need an API wrapper package.

~~~
bjackman
[https://www.npmjs.com/package/left-pad-service-
api](https://www.npmjs.com/package/left-pad-service-api)

------
shitgoose
this is fantastic! What is your stack? Are you NoSQL or relational? Redis?
What is your test coverage? I am sure you hiring only trendy developers. I see
huge potential in your service, do you accept private investments? I would
like to get in now, before Google or YC snatches you! again, keep up good work
and - can't wait for right-pad next year!

------
talideon
But the question is, is it enterprise-ready? :-)

------
rahimnathwani
Do you have any client libraries available for different languages?

I don't want to create a direct dependency between my code and your API. I'd
rather create a dependency between my code and your client library's code, as
I'm _sure_ you will always keep that up to date with any API changes.

------
Mopolo
That would be fun if a company named Left Pad asked to get this domain like
Kik did at the beginning of all this.

------
pka
The real discussion is not about package managers, micromodules, or whatever.

It's about "real programmers can write left_pad by themselves" and everybody
else just sucks. True scotsmen etc.

Now I don't know why asm people arent feeling threatened and aren't attacking
the C left_pad gurus yet...

------
idiocratic
Are you hiring?

------
dkackman1
SECURITY NIGHTMARE!!!!!!!!!

Without any sort of nonce, this service is trivially susceptible to a replay
attack

------
Schwolop
This ain't got nothing on Fuck Off as a Service:
[https://www.foaas.com/](https://www.foaas.com/)

------
MoD411
Boy, that escalated quickly.

------
mrcwinn
They didn't even think to version their API. This is total crap.

------
jug
If left-pad.io goes down, will it take the rest of the WWW infrastructure with
it? I'm missing a Q&A for important and apparently relevant questions like
these.

------
jdeisenberg
Have we, or have we not, officially entered the silly season?

------
yyhhsj0521
I wonder whether the author uses leftpad on this site

------
nyfresh
100 times on the board [http://bit.ly/1RzOIK2](http://bit.ly/1RzOIK2)

------
markbnj
This is awesome. Props to you all.

------
sentilesdal
for the graphic designers out there who need left-pad, blue-steel-pad is now
available.

------
fallenshell
Will there be a premium plan?

------
Blackthorn
Wow, so funny. DAE lol javascript?

Ugh, how does this garbage even get upvoted so highly.

------
jschuur
Is it rate limited?

~~~
tromp
Maybe each request should be accompanied by a proof-of-work, proving that the
requester invested at least 10s of computation...

------
justaaron
this is hilarious and timely

------
d0m
I'm ready to get downvoted to hell with this comment but here we go..:

I feel like only non-javascript devs are bashing against small modules and
NPM. All great javascript devs I know LOVE that mentality.

Let me offer some reasons why I (as a current Javascript dev having
professionally coded in C/C++/Java/Python/PHP/Scheme) think this is great:

\- Unlike most other languages, javascript doesn't come with a battery
standard library. So you're often left on your own to reinvent the wheel. I
mean, common, in Python you do "'hello'.ljust(10)" but AFAIK there isn't such
thing in javascript. Javascript is more like the wild west where you need to
reinvent everything. So having well tested libraries that does one thing
extremely well is really beneficial.

\- Javascript, unlike most other languages, has some pretty insane gotchas.
I.e. "'0' == 0" is true in javascript. Most devs have been burned so bad in so
many ways in Javascript that it's comforting to use a battle-tested library,
even for a small feature, rather than reinventing it.

\- And anyway, where should we put that function? Most big projects I've
worked on have some kind of "helper file" that has 1500 lines, and then at
some point different projects start depending on it so noone likes to touch
it, etc. So, yeah, creating a new module takes a bit more time, but remember
that it's not about the writing time but more about the maintenance time. I'd
much rather have lots of small modules with clear dependencies than a big
"let's put everything in there" file.

\- I feel arguing about whether something should be in a separate module is
similar to arguing without something should be in a separate function. For me,
it's like hearing "Hey, learn how to code, you don't need function, just write
it when you need it." And hey, I've worked in projects professionally where
they had no function and it was TERRIBLE. I was trying to refactor some code
while adding function, and people would copy my function inside their 1500
lines file. Let me tell you I left that company really fast.

\- It's fair to say that UNIX passed the test of time and that the idea of
having lots of small programs is extremely beneficial. It forces common
interface and great documentation. Similar to how writing test force you to
create better design, modularizing your code forces you to think about the
bigger picture.

\- As far as I'm concerned, I really don't care whether a module is very small
or very big, as long as what it does is well defined and tested. For instance,
how would you test if a variable is a function? I don't know about you but my
first thought wasn't:

    
    
       function isFunction(functionToCheck) {
         var getType = {};
         return functionToCheck && getType.toString.call(functionToCheck) === '[object Function]';
       }
    

Who cares if it's a 4 lines module. I don't want to deal with that javascript
bullshit. Yes, I could copy past that in my big helper file, but I'd much
rather used one that the javascript community use and test.

\- Finally, it seems like Node/javascript hasn't started that way. Not so far
ago with had Yahoo monolithic javascript libraries and jquery. Even the first
versions of most popular node library (such as express) were first written as
a monolithic framework. But it's been refactored into dozen of small modules
with clear functions. And now, other libraries can just import what they need
rather than the whole project.

OK, so I told you about the good thing. What about the bad thing?

\- Adding dependencies to a project is REALLY HARD TO MAINTAIN. I've had so
many bad experience using node because of that. I.e. I work on a project, it's
tested and work fine. 2 months later I clone and start the project and
everything breaks. Oh, X and Y libraries decided to fuck everything, that
other library now depend on a new version of Node, but I can't upgrade node
because that other library depend on a previous version of Node. It's complex.
I won't go on in explaining my solution to this problem, but enough to say
that it's a problem and installing random amateur libraries in a professional
project can lead to disaster.

\- It takes longer to code. I've touched that earlier. It's a tradeoff about
write now vs maintain later. Take a look at segmentio github repo:
[https://github.com/segmentio](https://github.com/segmentio). I'd personally
love to have that as onboarding experience rather than some massive project
with everything copy/pasted a few time. But yes, it took them more time to
create those separate modules.

~~~
AgentME
>2 months later I clone and start the project and everything breaks. Oh, X and
Y libraries decided to fuck everything

Are you not using semver? A common mistake I've seen is to depend on the "*"
or "latest" version of a package, which obviously will break when the package
releases a major update.

Also, applications should use shrinkwraps to pin their dependency versions to
versions they've been tested with.

