
Show HN: Pgsh – branch Postgres like Git - sastraxi
https://github.com/sastraxi/pgsh
======
kevsim
This looks really handy. Quite frequently I want to iterate on a migration
without having to write the "down" migration until the "up" migration is done.
This will save a lot of DB dropping and re-seeding.

------
sastraxi
Just a note for anyone trying to download this -- please first try
`pgsh@0.10.1`. The `.2` bugfix release caused a regression that I'm working
through now. Thanks :)

~~~
sastraxi
0.10.6 is released with a fix :-)

------
cryptonector
Kinda like aquameta[0]?

[0] https://github.com/aquametalabs/aquameta

~~~
bryanlarsen
Nothing like aquameta, but I guess the title could apply to both...

------
marcus_holmes
I installed this, just to see:

"added 242 packages from 179 contributors and audited 1098 packages in
13.598s"

how can I trust that this doesn't contain malicious code?

~~~
sastraxi
Such is life in the npm world, unfortunately.

I've tried to be minimal with my dependencies while providing a rich user
experience, but I'm sure we could do better still. Any dependencies in
particular you'd like me to look into removing?

~~~
frutiger
> Such is life in the npm world, unfortunately.

I don't really think npm is to blame in this specific case. It's merely acting
as an index to a set of tarballs, e.g. the same way PyPI or crates.io do.

It would be fairer to point the blame at the ecosystem and mindset of
developers of popular JavaScript libraries.

~~~
lucideer
I've recently been taking my time evaluating dependencies for a few small node
projects, and I've actually found I've been impressed at how few dependencies
are used by a subset of the JavaScript package ecosystem.

I find, anecdotally, that rather than the broad spectrum you might expect,
packages tend to either have a huge number of dependencies, or very few.
Meaning if you do want to slim down your project's dependencies, it's usually
simply a matter of identifying the whales and substituting/eliminating them
with something saner.

Take for example two of the most popular package bundlers:

- parcel: direct dependencies: 59, total dependencies: 1575

- rollup: direct dependencies: 3, total dependencies: 9
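
One way to find the "whales" described in the comment above, as an added example that is not part of the thread or of pgsh: it walks the `packages` map of a `package-lock.json` (assumed lockfileVersion 2 or 3) and ranks each direct dependency by the number of installed packages it pulls in. The sample lockfile and the package names `whale` and `lean` are constructed for illustration.

```javascript
// Added example (not from the thread): rank direct dependencies by how many
// installed packages each pulls in, per package-lock.json "packages" (v2/v3).

// Resolve `name` as Node does from `fromPath`: nearest nested node_modules
// first, then each parent directory, then the root.
function resolveDep(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!base) return null; // e.g. an optional dependency that was not installed
    const idx = base.lastIndexOf("/node_modules/");
    base = idx === -1 ? "" : base.slice(0, idx);
  }
}

// Every install path reachable from `startPath`, including itself.
function closure(packages, startPath) {
  const seen = new Set();
  const stack = [startPath];
  while (stack.length) {
    const path = stack.pop();
    if (seen.has(path)) continue;
    seen.add(path);
    const { dependencies, optionalDependencies } = packages[path];
    for (const name of Object.keys({ ...dependencies, ...optionalDependencies })) {
      const target = resolveDep(packages, path, name);
      if (target) stack.push(target);
    }
  }
  return seen;
}

// Counts installed package instances, so two versions of one name count twice.
function rankDirectDeps(lock) {
  const root = lock.packages[""] || {};
  const direct = Object.keys({ ...root.dependencies, ...root.devDependencies });
  return direct.map((name) => {
    const path = resolveDep(lock.packages, "", name);
    return { name, transitive: path ? closure(lock.packages, path).size - 1 : 0 };
  }).sort((a, b) => b.transitive - a.transitive);
}

// Constructed sample lockfile; "whale" and "lean" are hypothetical packages.
const sampleLock = { packages: {
  "": { dependencies: { whale: "^1.0.0", lean: "^2.0.0" } },
  "node_modules/whale": { dependencies: { a: "^1.0.0", b: "^1.0.0" } },
  "node_modules/a": { dependencies: { c: "^1.0.0" } },
  "node_modules/b": { dependencies: { c: "^2.0.0" } },
  "node_modules/b/node_modules/c": {}, "node_modules/c": {},
  "node_modules/lean": { dependencies: { c: "^1.0.0" } },
} };
console.log(rankDirectDeps(sampleLock));
```

For a real project, pass the parsed contents of its `package-lock.json` to `rankDirectDeps`. Code that a package has bundled into its own published build does not appear in the lockfile and is not counted.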

~~~
sbr464
It’s actually not that straightforward. A library could bundle their
dependencies as part of their own build step/publish. They would appear to
have zero/fewer dependencies, but really they just bundled them.

~~~
lucideer
Possible but I haven't seen a library that does this. Seems like a very
unusual way to do things.

Something to worry about if it ever became prevalent I guess, but doesn't seem
to be rn.

