UndercoverUlrikHD ,

The only two people arguing against the change were both authors/contributors of is-number lol

418teapot ,

It’s kind of insane how bad this whole is-number thing is. It’s designed to tell you if a string is numeric, but I would argue if you’re ever using that you have a fundamental design problem. I hate dynamic typing as much as anyone else, but if forced to use it I would at least try to have some resemblance of sanity by just normalizing it to an actual number first.

Just fucking do this…


```javascript
const toRegexRange = (minStr, maxStr, options) => {
  const min = parseInt(minStr, 10);
  const max = parseInt(maxStr, 10);
  if (isNaN(min) || isNaN(max)) throw Error("bad input or whatever");
  // ...
};
```

Because of the insanity of keeping them strings and only attempting to validate them (poorly) up front you open yourself up to a suite of bugs. For example, it took me all of 5 minutes to find this bug:


```javascript
toRegexRange('+1', '+2')
// returns "(?:+1|+2)" which is not valid regexp
```
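The difference described in the comment above, as an added example that is not part of the original comment and is not code from to-regex-range or is-number: it compares validating numeric strings and then interpolating them with parsing them to integers first. The helper names (`looksNumeric`, `alternationFromStrings`, `alternationFromNumbers`) and the sample inputs are assumptions made up for this illustration.

```javascript
// Added example: hypothetical helpers, not code from to-regex-range or is-number.

// Stand-in numeric-string check: accepts any string Number() reads as finite.
function looksNumeric(s) {
  return typeof s === 'string' && s.trim() !== '' && Number.isFinite(Number(s));
}

// Validate-only: the strings pass the check, then the raw strings are interpolated.
function alternationFromStrings(minStr, maxStr) {
  if (!looksNumeric(minStr) || !looksNumeric(maxStr)) {
    throw new TypeError('expected numeric strings');
  }
  return `(?:${minStr}|${maxStr})`;
}

// Normalize-first: parse once, then build the pattern from the integers only.
function alternationFromNumbers(minStr, maxStr) {
  const min = Number.parseInt(minStr, 10);
  const max = Number.parseInt(maxStr, 10);
  if (Number.isNaN(min) || Number.isNaN(max)) {
    throw new TypeError('expected integers');
  }
  return `(?:${min}|${max})`;
}

// True when the pattern source is accepted by the RegExp constructor.
function compiles(source) {
  try { new RegExp(source); return true; } catch (e) { return false; }
}

// Constructed inputs: each one passes looksNumeric().
const SAMPLES = [['1', '2'], ['+1', '+2'], [' 1 ', '2'], ['1.', '2']];

function compare(samples = SAMPLES) {
  return samples.map(([a, b]) => {
    const raw = alternationFromStrings(a, b);
    const norm = alternationFromNumbers(a, b);
    return { a, b, raw, rawCompiles: compiles(raw), norm, normCompiles: compiles(norm) };
  });
}

console.table(compare());
```

The `'1.'` row is the quieter failure: the raw pattern compiles, but its `.` is a regex wildcard, so `^(?:1.|2)$` also matches `1x`, while the normalized pattern does not.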
floofloof , (edited )

It looks like “is-number” was never more than a few simple lines of code. It still has 68 million downloads per week.

www.npmjs.com/package/is-number

I checked one of our main projects at work, and it’s in there as a dependency 6 levels deep via the “sass” package.

TootSweet ,

I’ve literally told my coworkers “I’m not saying we should never use dependencies. But every time you add a dependency, you should hate yourself a little bit more. Some self flagellation can’t hurt either.”

Aatube ,

Note that the PR was later merged by a member who got fed up with his colleagues.

lily33 ,

And who hasn’t contributed any code to this particular repo (according to github insights).

GBU_28 ,

Not familiar with this exact team, but a skilled reviewer/issue triager is useful. We can hope this person at least tested the changes.

AVincentInSpace ,

Another day of being extremely thankful I decided not to learn JavaScript

bjoern_tantau ,

I mean, the people relying on such packages didn’t learn it either.

zqwzzle ,

I only glossed over it… but this looks like it’s trying to check dynamic typing issues? It’s like a statically typed language with extra steps?

lockhart ,

This can happen in any project that uses dependencies, javascript or not

onlinepersona ,

440GB weekly for “is number”. What in the world is that package doing?

Anti Commercial-AI license

GammaGames ,

It handles a few weird edge cases, mostly. Only 7 meaningful lines of code and almost 70M downloads a week!

sus OP ,

is-number is a one-line function. (though it’s debatable if a function that complex should be compressed to one line)

You may have heard of a similar if more extreme “microdependency” called is-even. When you use an NPM package, you also need all the dependencies of that package, and the dependencies of those dependencies recursively. Each package has some overhead, eventually leading to this moment in time.

bjoern_tantau ,

Link to the PR? The PR description and the comment somehow contradict each other. Or I am stupid. Or the commenter.

sus OP ,

I tried to edit the ‘highlights’ into a single image, the top is the description of the PR, the middle is a comment replying to another comment

github.com/micromatch/to-regex-range/pull/17

bjoern_tantau ,

Thanks!

What a shit show.
