Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The package referred to in the clickbait title is `is-promise`


How would you rewrite the title to not be clickbait?


"1-line package "is-promise" broke `NPM create-react-app`" ?


I would include the name of the package.


The title doesn't strike me as clickbait. The significant thing is what happened.


Personally as a JS dev, the significant thing is which package it was. These stories happen all the time, so when I see them I’d rather know which package it is at a glance so I know if I’m affected.


Fun thing with building applications overusing npm is that you usually don't know exactly what packages you have. Not until you check for the specific package, so you probably don't "know at a glance" if you're affected or not.


Hah, true. I got bit by one of these two days ago where the offending package was trying to install node itself (wtf?). It was two levels deep of `yarn why` before I figured out the issue. Fortunately I've been around long enough that the first thing I did was check the package for github issues... sure enough, found a 5 hour old issue with a bunch of people complaining of failing builds. If I hadn't searched first, I probably would have banged my head for another couple hours...


Does the package name need to be in the title if it's already the URL? :)


I don't know how "clickbait" that title can be when it is, in fact, longer than the line of code in question:

    declare function isPromise<T, S>(obj: Promise<T> | S): obj is Promise<T>;
This is, indeed, the only line of exported code in the entire package.

I genuinely don't understand the NPM world.


> I genuinely don't understand the NPM world.

You're right, you don't. What you posted is just the function declaration, not the implementation.


I think it reflects how the evolution of the JS ecosystem strongly resembles natural evolution. This package is now a vestigial organ, but there was a time when it served a useful purpose. Other packages formed connective tissue to this package, and since those package may still be useful, this one has stuck around.


Me neither. I can't wait for Deno 1.0 next month.

https://deno.land/


How exactly will the new runtime fix the habit of Javascript developers to pull-in millions of dependencies?


Makes me look forward to this more https://romejs.dev/ since one of the ideas is that it will have no third party dependencies...


What is this exactly? The website is a bit unclear.


Deno is much like node (uses the V8 engine, does not require a browser) and was created by the man who created node.


I was wrong about what this was I have edited this comment


Why would a Rust wrapper around the C++ project that is V8, which implements a garbage-collected programming language and environment, "use less ram" just by virtue of some parts of it being written in Rust?


That's just the type definition. Think of it like the .h if you're into that sort of thing.


NPM is the answer to the question: what would happen if everyone refused to use any idioms ever, and instead replace them all with packages?

God help you, if you import a JavaScript (or Rust) package today. Lest you fall in a gaping chasm of endless cascading dependencies.


It's not NPM's fault, it's developer's fault.

I would never in my right mind publish a one-line package, Python, Javascript, whatever.

And I would never add a one line package as dependency




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: