Hacker News new | past | comments | ask | show | jobs | submit login
Require-from-Twitter (gist.github.com)
701 points by uptown on Mar 24, 2016 | hide | past | web | favorite | 127 comments

This is the Internet of Things for code. This is wonderful.

This is also probably a snarky shot at npm [1], for those who lack context.

[1] https://news.ycombinator.com/item?id=11340510

My goal was for it to be entertaining and educational[1]. I love npm (which made this possible to begin with!)

[1] ES6 features (arg defaults, destructuring, modules, template literals, String.prototype.repeat), babel configuration and runtime compilation, async / await

I feel like require-from-twitter really helps enforce the Unix philosophy. It's hard to write modules with multiple responsibilities in 140 characters.

There will be a fork that allows concatenation of multiple tweets.

I wonder how large a system could be created using nested tweets of js. Needs versioning though.

As large as you want: https://users.soe.ucsc.edu/~jpagnutt/Elevator_Pitch.pdf (PDF warning)

This does need a warning, but PDF isn't the reason.

What does the link do?

It opens your mind until your brain falls out.

It's just a PDF.

It's a funny PDF, though.

Actually, there are several immutable FS-over-tinyURL projects. I have created some of them too. A real problem with Twitter is that you can get banned quickly for doing this.

What. The. Hell.


Careful what you wish for - someone is bound to try to prove you wrong now.

Hey, nice one! But reading the code I didn't see any arg defaults or destructuring. Saw the other stuff though! Which is pretty darn cool.

I was considering the source tweet as well :D

This is brilliant :).

Except the problem isn't editing, but deletions.

Twitter allows deletions and explicitly requires you to process and honor deletion events in their TOS. They have even blocked API access to programs that don't honor deletions.

So, just as bad (or, maybe worse, in that you can't even keep around committed code that comes through this process, if the originating tweet was deleted) as npm.

On the other hand, no one can reclaim a tweet after it's been yanked. So, `require from tweet` is a safer system for your production systems.

Reading the NPM blog today - that's not really a problem in NPM.

Reclaiming a module name requires a breaking version for any new code, so it shouldn't be an issue there.

It's still an issue for any developers who use '>' instead of '~' or 'x'. That's quite a few.

Twitter API clients are required to delete all copies of tweet contents when a tweet is yanked, or Twitter will revoke API access, which might bring your production systems to a deserved halt.

Yes but they won't accidentally pull a malicious version of the tweet pretending to be the original. They'll just stop working

That is an unacceptable outcome for production systems.

I'm surprised no one has mentioned IPFS as a solution to the deleting.

You have left out a very crucial fact which completely destroys your argument: Twitter has no verification process that the tweet was deleted because you're NOT ADVERTISING THE TWEETS. You're using them as source code. So the public is NOT privy to what you're doing with the tweets! So Twitter would have to get a search warrant to determine that you aren't deleting tweets! Of course they don't care; they care about what you're revealing to the public.

Twitter doesn't need a search warrant to query their own servers.

Your computer has to download the tweet before it runs the tweet. It will be cached on your computer. Compliance with twitter TOS means you have to clear your cache when twitter says the tweet was deleted. Since you're using the tweet to run code, it doesn't hurt anything if you ignore the "deleted tweet" advisory.

> Twitter would have to get a search warrant to determine that you aren't deleting tweets

Search warrants are incident to criminal activity in the United States of America. Twitter is a private company, not a law enforcement agency.

I put my code on Github. Twitter could monitor my repos if they wanted.

Writing a monitor for all of Github would even be possible.

I would say it is an equally snarky shot at all those who choose to depend on a third party module for something that can be written in 140 chars.

    >   "dependencies": {
    >    "babel-preset-stage-0": "6.5.0",
    >    "babel-preset-es2015": "6.6.0",
    >    "babel-runtime": "6.6.1",
    >    "babel-plugin-transform-runtime": "6.6.0",
    >    "babel-cli": "6.6.5",
    >    "babel-core": "6.7.4",
    >    "twit": "2.2.3",
    >    "entities": "1.1.1"
    >    },
The problem right here. Just to run a script you now need to import a whole third party language runtime ? what other language does pull this kind of stunt ? Javascript is madness.

Most of that is so people can use the slightly nicer syntax of the newer version of JavaScript in a more supported way as it's transpired. Honestly I'm not a fan because, as you can see, it's a big ass bucket of extra complexity for some extra, albeit nice, syntax updates.

I'm waiting for wide support of ECMAScript 6 before I start using it widely. Though I feel I'm a bit in the minority here I just don't want to deal with all of the transpiling complexities if I don't need to.

I've started using ES6 sans 'transpiler' for web development on Chrome. There's still the build step for release to other browsers, but so far I haven't bothered.

(I think your decision is completely reasonable; only pointing out that since just this month, with Chrome 49 out, you can develop without any build step.)

Yup. I'm working on a Polymer project in ES6. I develop in Chrome with it pointing directly at my source, so I get a full debugger and quick reloads by hitting the F5 button. Then I use crisper/babel/vulcanise via a ninja build script to generate an ES5 deployment package for the other browsers. It works really well.

(ES6 is so, so much nicer than ES5. It's almost like a real language now!)

Is there anything you can share of that ninja script? I've been looking at it as a replacement for environments where grunt doesn't work too well.

Sure --- it's a mess, though.



build is a tiny Lua preprocessor which expands templates in build.ninja.

It needs a cleanup but it works, it's way faster than gulp, and is much easier to debug. Haven't touched grunt so I don't know how it compares there.

Thanks. Could I get away without the Lua?

Yes, but you'd need to expand the source file rules inline --- I added the Lua because I was fed up with doing it by hand. (Ninja doesn't have implicit rules.)

Note that other browsers (specifically Firefox and Edge) generally have better ES6 support than Chrome does, so a "build step" is not needed for them unless you happen to be using one of the very few things that Chrome supports and they do not.

Not really. Usually people include them as "devDependencies", and Babel will transpile to ES5 before publishing.

I think Guillermo simply didn't care. Because it's not important for a joke.


Uninformed presumptions are madness.

I think it was important to him since otherwise leftPad probably wouldn't fit in a tweet so nicely..

Umm isn't babel-runtime an actual third party language runtime dependency (like polyfills and shared code for stuff like async) ?

I wouldn't really call it a dependency since it gets inlined with the shipped code.

Indeed, it is the only post-build babel dependency required if you want things like you say: async/await. The rest are the babel dependencies are build tools.

Javascript is in fact special because it's one of the few languages where the developer can't choose the version of the language to use. It's dictated by users with 4 year old browsers.

Execpt for server-side languages that's nearly always the case

You can quite easily choose your version. There are virtual hosts out there supporting any version of anything. This problem is largely solved.

For scripting languages, sure. For compiled languages, you can choose whatever version you want, since the end user gets a binary blob instead of source code (and even if they're building from source, their package manager should be able to download the required build dependencies for them).

Where? Java has such short maintainable cycles that Java 7 was dropped before Java 8 became used, and compiled languages (think C, C++, Haskell) always work.

Are there any other languages relevant for non-server usage?

That's nearly never the case, unless you are running uncompiled scripts downloaded from the internet with no version manifest, in which case that's also horrible.

I don't think it's the amount of code that is a problem here (we all depend on million lines of codes for a simple hello world program in C). The problem is the number of sources that one should trust to run it, which should be minimal.

First of all, whoosh, and second, no other language has the same platform/delivery mechanism as web client javascript. Any "transpiled" language is going to have to include it's own dependencies somehow.

It's part of the joke that makes this post funny.

Well this is meant to be a bad example, really all the babel stuff would be dev dependencies and ideally you'd have some watch task to compile and auto-reload.

In production you'd only have a bundled/minified version transpiled JS so there's no need for a runtime.

Ultimately with web assembly this gets even better.

Babel is run on the tweet, presumably to allow more terse code and thus more useful 140 character libraries.

clojure? I think the language is one just another jar to install. Makes it easier to pin stuff to the language version.

This is just to let non-JS programmers program JavaScript. Asynchronous programming, or programming without global/imports is too hard it seems.

I'm currently talking to investors to start a business around this. Please don't delete it.

Maybe this will make Twitter finally profitable?

Twitter is known for deleting twitter accounts when they get reports of tweets though.

Shots fired.

I can't tell if your comment is satire thanks to Poe's law.

I can't even tell if the article is satire.

(I'm guessing it is, but this actually seems useful. Poe is tough.)

And I also can't tell if you and the one you replied to is serious, because it's pretty obvious that twitter-requre it's a clever joke :)

> it's pretty obvious that twitter-requre it's a clever joke

Joke... So I shouldn't have replaced production with this?

Maybe to make this more reliable, you should retweet the module first, then require your clone.

Thanks for providing some morning entertainment. Love this comment.

Best comment in the whole thread.

If you make a good change, make sure to tweet it back with #PR.

Hi. I don't know how to program (otherwise I would do this myself), but can you port this to Google+ please? My office blocks twitter. Thanks!

Why is this not a npm module yet? Name suggestion: kik2

Not enough Twitter, can't you tell that's the problem here

Tangentially related(tweet sized js) and an awesome project: https://t.d3fc.io/ is a collection of d3 visualizations from tweets. The code is cryptic on first inspection, but if you look at the sandbox setup, it starts to make sense and 140 chars is a wonderful constraint. eg: https://t.d3fc.io/status/694991319052103680

Require from stack overflow?

require('how do I prepend spaces to a string')

Autocomplete from stack overflow: https://news.ycombinator.com/item?id=11335766

A developer gets upset at unilateral actions by NPM resulting in a project being renamed or taken down unnecessarily (potentially breaking builds). So this dev decides to take down all their projects, as a sort of protest. This breaks a lot of builds. The JavaScript community thinks a clever solution is utilizing Twitter as part of the build process? Because then everything would be dependent on Twitter not adding an "edit tweet" button...

> The JavaScript community thinks a clever solution is utilizing Twitter as part of the build process?

The JavaScript community thinks a hilarious, tongue-in-cheek solution is utilizing Twitter as part of the build process.


Oops. I retract my comment and denounce myself.

...and then someone on Hacker News implies that the playing around of a single individual represents what "the JavaScript community thinks"...

Lol they are so far ahead of you. It's a jab at the situation.

It was a joke.

Pretty comical. I bet folks would actually use this to some extent, without realizing that Tweets can also be deleted.

To solve that problem we need require from bitcoin blockchain transaction.

> without realizing that Tweets can also be deleted.

Yep, just like NPM modules.

> also

But the point is they cannot be edited or replaced.

Neither can npm module versions without direct assistance from the company (which, if you were able to gain favor, you might be able to get Twitter to do the same).

The only difference is someone can't take over a tweet should the original tweet author delete their account.

the next version should have a require from #hashtag, so that it can be fault tolerant, and would last longer when lawyers request a takedown!

> // ES6 leftPad

and he even had space for a comment in there....

For everyone who doesn't know it, there's a project called http://140byt.es/ compiling many code snippets that fit in a tweet (;

There was also a clever trick to compress/uncompress ascii text by using base[huge number] or something like that (full unicode) so it could be uploaded to twitter, but I don't remember the exact number

Awesome! thanks, also here's the reasoning from the Why? [1]

> I wanted people to be able to share HATETRIS replays via Twitter.

> Twitter supports tweets of up to 140 characters. "Tweet length is measured by the number of codepoints in the NFC normalized version of the text."

[1] https://github.com/ferno/base65536#why

What does the code in the parent post do?

Next up: require from bitcoin blockchain

this would actually be an interesting coding challenge and experiment to see if something could be built worthwhile in modules limited to no larger than 140 characters.

Not a good constraint. Just make each tweet module export a string, and concatenate them and eval().

well, that could be easily solved by prohibiting eval?

Concatenate them and then run them through Babel...

Are the tweet modules allowed to requireFromTwitter other tweet modules?

it has been done, http://140byt.es/

Make sure you scroll down and read the mandatory disclaimer before commenting on the merits of this approach.

Github could easily solve this problem:

If a repo meets certain criteria in licensing, create the ability to "Static Publish" a release. This feature communicates that the version repo is the public's and cannot be removed by the individual or team. Github also enters the agreement that if there is ever a need to "move" the version due to copyright infringement, it provides either aliasing or sooner sort of notification and time bomb before it goes offline.

If this were done, folks could be in the know about which packages and dependencies are at risk, so they enter into the install with their eyes wide open.

Shouldn't have voted against increasing character count, we could've had a free cdn

Well there you go. Problem solved.

Standardized modules like this are exactly what the node.js-stack bot herding community has needed!

On the plus side: if you saw this dependency in a module you were looking at you would know to think twice.

There's still another eight days until April first.

There's also a package manager for it: http://require-from-twitter.github.io/

> require-from-twitter is the core code for the tweet package manager. Our beta version has only one dependency: npm. But we're working hard on adding more dependencies as quick as possible.

Along similar lines, I made it possible to use NPM packages in the browser without a build step or server: https://github.com/olegp/bpm

More info here: https://meetabit.com/talks/37

What we really need is require-from-stackoverflow

One of the interesting side-effects here is that while it encourages you to write very small packages, it also strictly caps the maximum number of packages which you can add as dependencies of your own package. There's only so many `require` calls you can fit in a Tweet.

Twitter finally has a business model! Who knew that source code hosting would be the killer app?

I know this is supposed to be funny, BUT if you vendored and kept a local copy in you're build environment, you wouldn't have to worry if the tweet gets deleted.

This is the lesson I see noone talking about.

Of course, using a tweet as a source for a library is silly.

TDD - Twitter Driven Development

Well, twitter staff was saying they'd last at least another ten years, would NPM?

Filesystem interface to Twitter:


This is probably more generic than the project discussed here.

Why not just use anonymous gists in conjunction with RawGit CDN?

Unique IDs, no way to change or delete (since the gists are anonymous), served right out-of-the-box with a proper content type from cdn.rawgit.com.

For deleted tweets:

On every fetch, submit the tweet to archive.org and archive.is if not already there. If tweet is deleted, fetch from there instead.

I'm impressed no one has posted their own version for a different language.

twitter doesn't have an edit button, but it does have the delete button ;)

martin-adams solved this problem:


can someone explain what is this ? I really have no idea

This person wrote a tweet and the tweet has code[1]. This snippet in JavaScript allows you to import that code into your code as a module. I think this is trolling on state of the Node community because over the previous few days, people have found some pretty interesting dependency architecture[2].

[1] - https://twitter.com/rauchg/status/712799807073419264

[2] - http://www.theregister.co.uk/2016/03/23/npm_left_pad_chaos/?...

Let's host systemd on Twitter.


funny :)

If you can get a good toolkit for writing a GLR parser, then people will write their own tokenizers, BNF formal grammars, and plug it into your parser. It would take a single person about two to six weeks to get something thoroughly polished in JavaScript along the lines of what is described. However I think that without some form of centralization, (perhaps a subreddit? idk) it will be difficult for the standardization and namespace organization process to take place. If it is just one person, there is no question of standardization; if it is multiple people, the question of who is in charge of the namespace becomes relevant. Who is in charge of the namespace in this particular experiment?

npm over twitter? A site populated by trolls and spammers. What could possibly go wrong?

Applications are open for YC Winter 2020

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact