The Man Who Broke The Internet By Deleting 11 Lines of Code

Поділитися
Вставка
  • Опубліковано 25 гру 2024

КОМЕНТАРІ • 1,6 тис.

  • @christopherverhoef9112
    @christopherverhoef9112 2 роки тому +5628

    So if all three parties half-apologized, that's like 1.5 full apologies, which is more than you usually get from this situation.

    • @H_Eli
      @H_Eli 2 роки тому +221

      2/3 parties are at fault so there is still 0.5 apology less that the required number.

    • @tylerbreisacher5841
      @tylerbreisacher5841 2 роки тому +117

      or if you're using JavaScript floating point math, 1.499999999999999998 apologies

    • @Seb135-e1i
      @Seb135-e1i 2 роки тому +90

      @@tylerbreisacher5841 Except no, because 0.5 has an exact representation in binary

    • @fahadahaf
      @fahadahaf 2 роки тому +69

      @@tylerbreisacher5841 yep, totally JS math. Not like its just another implementation of IEEE floats and has the same problems as every other language implementing floats. Nope, must be a JS thing.

    • @vibaj16
      @vibaj16 2 роки тому +36

      @@tylerbreisacher5841 1.5 in binary is just 1.1, so there's no problem there

  • @bountygiver
    @bountygiver 2 роки тому +5789

    The correction about why the websites themselves didnt break is not because of caching, it's just that they are already deployed with leftpad still working, and any changes made by npm will not touch the website, and they are not allowed to be deployed again when it cannot be built due to leftpad being missing (simply nobody gets to update their website).

    • @UwePieper
      @UwePieper 2 роки тому +264

      Wanted to say something similar. To keep it short: the internet didn’t break.

    • @fridder.
      @fridder. 2 роки тому +133

      This is correct. Packages are fetched during deployment. Package missing = fail. Sites deployed prior to the deletion of the npm package were not crippled (but would be during a subsequent release)

    • @pineapplerindm
      @pineapplerindm 2 роки тому +29

      yep. if the build fails its never deployed

    • @jpaugh64
      @jpaugh64 2 роки тому +36

      Your description of "deployed code" is also a suitable description of "cached code." Whatever. Caching is basically right.

    • @vcpark
      @vcpark 2 роки тому +148

      @@jpaugh64 No it's not. It has nothing to do with the fact that some code was cached on the client side, nor does it have anything to do with a a cache on the infra side. It's simply incorrect lol

  • @Xylight
    @Xylight 2 роки тому +8612

    breaking literally everything by modifying a tiny bit of code is extremely accurate

    • @jameschambers9969
      @jameschambers9969 2 роки тому +330

      I just delete this function that does nothing.
      Error messages: allow us to introduce our selves.
      i am still learning so be nice please

    • @dekriel119
      @dekriel119 2 роки тому +82

      i can vouch, can't tell you the amount of times i accidentally deleted something and then wondering why it doesn't work

    • @thek3317
      @thek3317 2 роки тому +92

      if he really wanted to mess with people he should have just modified it by removing one of the brackets to make it so everything underneat it wasnt compiling, It would be a bit more annoying

    • @ult1873
      @ult1873 2 роки тому +5

      yep ANYTHING

    • @Yekulten
      @Yekulten 2 роки тому +6

      Even if the bit is useless.

  • @wyatt8770
    @wyatt8770 2 роки тому +3040

    this is one of my biggest complaints about npm; they are a company who is ultimately in charge of a good chunk of the free internet. Thats an important note; NPM is a company, not just a repository (who is now owned by Microsoft). It's concerning to me, and i think an open alternative might be wise

    • @mechtechpotato4249
      @mechtechpotato4249 2 роки тому +75

      It’s probably finnnneeee.

    • @TheDeadOfNight37
      @TheDeadOfNight37 2 роки тому +220

      @@mechtechpotato4249 you say that now wait til 2025 when Microsoft is somehow claiming the rights to all of these packages and trying to charge royally fees
      Edit: I meant royalty and could have sworn that's what I typed, oh well

    • @Ibegood
      @Ibegood 2 роки тому +144

      @@TheDeadOfNight37 I think they've already learned from the Windows model that collecting and using user data is more valuable than selling physical copies of Windows. In a worst case scenario, I could see them using the same method here, adding a few lines of a code to an open source code to collect snippets of data, making it closed source, and then pretending like they haven't done anything, while they make millions/billions off more user data.

    • @john-red
      @john-red 2 роки тому +37

      Yarn is *technically* open source but it's still kinda made by Facebook in 2016, a few months after this incident.. Coincidence? 😅

    • @Finkelfunk
      @Finkelfunk 2 роки тому +52

      Well go ahead and be the open source dev to write npm from scratch. You'll see why this is an issue fairly quickly. Open source is time consuming with often little to no reward. Take it from a Linux user.

  • @adamsfusion
    @adamsfusion 2 роки тому +639

    The real crime here is that someone one day did an `npm install kik` and got some API client to some dumb messenger instead of whatever that package used to do. Name reassignment like that can have the exact same effect as the removal of leftpad did.

    • @newe6000
      @newe6000 2 роки тому +89

      Except if you read NPM's blog post following this incident, they were very clear that when a package's ownership gets transferred, the new owner MUST increment the major version number, and the old owner's code will still exist on all of the same version numbers it did before. This means all existing kik-dependent code would download the same version it did before, and you'd have to explicitly ask it to download the new version which was a different package.
      Not saying NPM was in the right, but they were trying to resolve the situation in a way where nobody's code would break.

    • @0860888080
      @0860888080 2 роки тому +44

      That's perfectly pictured in xkcd 1172: every change breaks someone's workflow.

    • @kumaahito3927
      @kumaahito3927 2 роки тому +33

      Yep. Especially for such short names it should've been first come first serve without a single question or doubt.

  • @deesh6378
    @deesh6378 2 роки тому +3534

    All this video did was make me lose respect for the NPM team for not only screwing over an open-source creator who clearly did nothing wrong and used the name WAY before Kik did, but screwed him over twice by reverting it back to published without the creator's consent.

    • @Yotanido
      @Yotanido 2 роки тому +450

      Had it been a bigger package, it could also have been questionable legally. Did they still have the right to distribute his code after he unpublished?
      ...well, they probably did. They most likely wrote their TOS so they could do this, but it still leaves the question of this kind of TOS being enforceable.
      Since it is such a small package, it probably won't have any copyright, but it's an interesting question nonetheless.

    • @allankcrain
      @allankcrain 2 роки тому +506

      @@Yotanido It was copyrighted with an open-source license, so it was legal--the license explicitly gave anyone who wanted to permission to redistribute and/or modify the code. So totally legal, just kind of a dick move, but also a dick move for which there weren't any particularly good alternatives.

    • @schwingedeshaehers
      @schwingedeshaehers 2 роки тому +132

      @@allankcrain the alternative where to not change the name of the other projekt

    • @blazernitrox6329
      @blazernitrox6329 2 роки тому +208

      @@allankcrain The alternative was what NPM apparently ended up doing in the end: writing their own version of leftpad that was way more complicated than it had any right to be and using practices that looked good on paper but actually didn't contribute anything in practice.

    • @ThePC007
      @ThePC007 2 роки тому +92

      @@blazernitrox6329 How is it even possible to complicate something as simple as adding spaces to a string?

  • @keegaroo6577
    @keegaroo6577 Рік тому +1366

    as a programmer, let's take a second to appreciate the incredible amount of effort it takes to find such a short obscure package instead of writing 10 lines yourself.

    • @hiiamelecktro4985
      @hiiamelecktro4985 Рік тому +1

      There is a NPM package called “is-odd” that does exactly what you think it does.
      It’s been downloaded like 30 million times and has like 2 million download a month 💀 💀 💀

    • @abdelbakiberkati
      @abdelbakiberkati Рік тому +151

      The 2 hours you spend looking for them is much better than the 5 mins to write them

    • @martenkahr3365
      @martenkahr3365 Рік тому +106

      @@abdelbakiberkati Besides what @badscript said about package grouping, you might spend 5 minutes total writing the actual code, but that's ignoring the five hours you spend second guessing if what you just wrote might have some weird edge-case that breaks it. Instead of taking a package that's so widely used that if it was broken in some weird edge case, someone would have noticed by now.

    • @Blast-Forward
      @Blast-Forward Рік тому

      You don't have to write it yourself: String.prototype.padStart

    • @___jd
      @___jd Рік тому +24

      11 lines bro. i'll write 10 myself, but after that i'm outsourcing lmao

  • @JouvaMoufette
    @JouvaMoufette 2 роки тому +1599

    As a web developer that doesn't regularly use NodeJS (what leftpad was used for) but is familiar with it, the people at my old work place turned it into a joke shortly after this.

    • @unknownperson3842
      @unknownperson3842 2 роки тому +17

      Yo I'm like 15 yrs old but pretty interested in web developening yk where I can learn smth about it?

    • @richledbetter2123
      @richledbetter2123 2 роки тому +40

      @@unknownperson3842 w3 schools is a great place to start for html, css, and javascript

    • @rasmusazu
      @rasmusazu 2 роки тому +14

      @@unknownperson3842 In Denmark, Web-developer is a degree after Computer Science. I'd suggest looking into getting a Computer Science degree, then building on top of that with Web-development :) Though, in my personal opinion, Web-development is little more than a degree unless you actually want to do frontend programming rather than backend :)

    • @unknownperson3842
      @unknownperson3842 2 роки тому +2

      @@richledbetter2123 alright ty bro

    • @SomeRandomPiggo
      @SomeRandomPiggo 2 роки тому +6

      nodejs is a joke

  • @akatsukilevi
    @akatsukilevi 2 роки тому +874

    Just have to say, the explanation of NPM was comically on point. That's, exactly how it works. Except this tower randomly decides to break down even when nothing is wrong because react@16.12.1 cannot be used with @types/react@16.2.2 for whatever reason

    • @unicodefox
      @unicodefox 2 роки тому +27

      well of course not, @types packages define how the exported functions & classes should look like. If you download react@16.12.1 which removed or changed feature X but @types/react@16.2.2 which has the old definition for feature X, you'll be in for a bad time.

    • @akatsukilevi
      @akatsukilevi 2 роки тому +21

      @@unicodefox It would make sense. The issue is that I didn't even had typescript installed, nor was a typescript project
      How a types package ended up there? No idea

    • @fahadahaf
      @fahadahaf 2 роки тому +14

      @@unicodefox hush, you're making too much sense. Just join the bandwagon and bash JS because there can't possibly be a good reason why JS (and the surrounding ecosystem) is the way it is. Nooo... It must be boiled down to "JS bad, Other language good". Not like you're dealing with different platforms or anything

    • @fahadahaf
      @fahadahaf 2 роки тому +5

      @@akatsukilevi If you don't use TypeScript, why do you have @types/react installed anyway? unless its a direct dependency, its NEVER going to throw an error; worst case scenario you get a warning in your console from NPM. If your project was broken, its probably a swallowed error somewhere else and nothing to do with the typedef.

    • @akatsukilevi
      @akatsukilevi 2 роки тому +15

      @@fahadahaf Two words: Legacy codebase
      I have no idea who coded that, I have no idea how that thing worked
      Best day of my life was the day I nuked that git repo

  • @shacharronzohar6960
    @shacharronzohar6960 2 роки тому +856

    Whats even more interesting about this, is npm enacted a policy forbidding package creators from unpublishing a package with a certain number of downloads.
    I'm not fully versed in the details but they made some sort of change to prevent this from happening

    • @AxxLAfriku
      @AxxLAfriku 2 роки тому +1

      I have fewer than 1 friend in the World. That's right. Everybody disses me for making bad videos. I think they are perfect though. Who is right? My dissers or me? Which side are you on, dear sha

    • @ChubiChan
      @ChubiChan 2 роки тому +100

      So wait, if you submit a package to NPM then, you're effectively giving up control of it down the road, entirely?

    • @kalzhae
      @kalzhae 2 роки тому +86

      @@ChubiChan not really, you just can't remove it from npm.
      but yeah npm is a company so don't expect them to be necessary open source friendly

    • @pikenote
      @pikenote 2 роки тому +101

      @@ChubiChan By open source standards, people can technically fork your code and have their own copy or version. You are essentially giving up control. However open source projects are licensed differently and there are a bunch of caveats to this.

    • @EebstertheGreat
      @EebstertheGreat 2 роки тому +49

      @@ChubiChan Yeah, that was always the case. npm is a repository for open-source code only and has a very permissive license (Perl's "Artistic License 2.0"). Once you submit code, anyone can download it, distribute verbatim copies (as long as they include all copyright statements of the original), modify it, and even distribute modified copies (as long as the modifications are clearly described). They can also distribute compiled versions of either (as long as you give instructions on how to access the source code) and aggregated packages including that code as a component. They can even charge a distributor fee to do so. Moreover, the publisher relinquishes all patent claims to any part of their code.
      Since your code is published under that license, you can't just revoke those permissions.

  • @Learn_Something_New
    @Learn_Something_New 2 роки тому +1386

    Guess it goes to show that you should be nice to everyone, because you never know whose propping the internet up on their back in their free time like Atlas keeping the sky from crashing into Earth.

    • @laundmo
      @laundmo 2 роки тому +142

      yep. OpenSSL - literally the thing encrypting most of the internet - was developed by mostly 1 guy with 2k donations a year.

    • @gaveintothedarkness
      @gaveintothedarkness 2 роки тому +6

      beautiful simile right here,

    • @AlanTheBeast100
      @AlanTheBeast100 2 роки тому +10

      Atlas? Fake news. It's a huge goldfish.

    • @gayrights8315
      @gayrights8315 2 роки тому +20

      so true, it's mostly furries, so remember to be nice to them even if you think they're weird

    • @ALocalFolf
      @ALocalFolf 2 роки тому +18

      @@gayrights8315 One should be respectful and kind to anyone, furry or not, in the first place. That's just basic etiquette, isn't it?
      Besides that, have we all forgotten the idea of the golden rule, which I'm quite sure was drilled into our heads from a young age if you had good parents/teachers, that is?
      Not to mention, if we're supposed to accept people for who/what they are, isn't isolating/making fun of people because you think they're weird kinda the adverse intention? Plus, it could be reciprocated back, you could think what I do is weird, but I could think something you do is weird as well.
      Additionally, from my time in the fandom, I've found most people join due to childhood trauma, e.g. parents divorcing/childhood abuse. Before you judge me or anyone else, furry or not, consider thinking, "what's happened in their life that they came out this way?"
      Also, this wasn't meant to attack you or anyone. Just some thinking points. Please don't take my huge comment as provocative. Other than this section, the word "you" is just used in a general sense, meant to help explain a point. I sincerely hope this doesn't start a huge fight in the comments.

  • @dustinpoissant
    @dustinpoissant 2 роки тому +302

    I am a node web developer. This Jenga tower analogy is accurate. I work for a huge company (60,000 employees) and we use react which uses hundreds of other packages that we have no idea what they are, so when ome breaks its a scramble

    • @Uvuv6969
      @Uvuv6969 2 роки тому

      The only innacuracy is that they put Java as more important than C++, fuck java

    • @heliusuniverse7460
      @heliusuniverse7460 2 роки тому +45

      @@benjii_boi Companies don't pay you to look at every piece of code your project depends on

    • @32Zn
      @32Zn 2 роки тому +18

      @@benjii_boi Hahahaha!
      Wait you were serious? Let me even laugh harder
      HAHAHAHHAAH!

    • @chrossantvegas2694
      @chrossantvegas2694 2 роки тому +5

      @@benjii_boi my little kiddies here don't know about coding like us and usually use basic packages without even lookin at the codes that make them up, I think our galactic brains work harder than their basic programs which are made by people who don't even know what the program is made of. 😀

    • @32Zn
      @32Zn 2 роки тому

      @@benjii_boi That's the unlucky part for you when trying to insult others and trying to put them down. Only because you are required to do so, it doesn't mean that others will be required to do so.
      See the problem is that you assume that everything has to be the same way like you do.
      But in reality most of the software written is not part of critical infrastructure like the niche example you pointed out.
      My employer doesn't pay me to check the depencies i put in. They pay me to add features or fix bugs. I can't achive SLAs for my tickets if i have to check every line or every code block.
      Even a dumb script kiddie would realize this fact :)

  • @SimplexSM
    @SimplexSM 2 роки тому +229

    "Crashing like Bandicoots" is an expression I'll always use from now on

    • @Daniel15au
      @Daniel15au 2 роки тому +7

      At my workplace someone built a crash logging system and called it "Bandicoot" :P

    • @User31129
      @User31129 2 роки тому +2

      It took me way too long to get this joke. I think because his name was Crash and not Crashing.

  • @jbird4478
    @jbird4478 2 роки тому +1713

    If Kik didn't want to be dicks about it, they should have just said: hey dude, we'll win in court, but here's 1000 dollar for the name so we don't have to go through all that.

    • @deftheocelot9125
      @deftheocelot9125 2 роки тому +2

      From what I recall, they DID offer to pay him for it but he rejected it on principled grounds. Fun fact, open source devs have a major grudge against big corporations. He basically told them to go f*** themselves, and kik, deciding what is one turkish programmer against their billions of dollars, decided they could win and kept escalating.

    • @ethanchapman1776
      @ethanchapman1776 2 роки тому +148

      That's basically what they did. I don't know if they put a dollar amount on it, but it was fairly clear that Azer wasn't open to negotiations.

    • @JeremyGabbard
      @JeremyGabbard 2 роки тому +367

      @@ethanchapman1776 If the emails in the video were actually accurate, it looks like he offered to sell it for $30k, which Kik could have easily afforded.

    • @traniel123456789
      @traniel123456789 2 роки тому +528

      @@ethanchapman1776 After Bob said "Is there nothing we can do for you that would compensate you for the hassle of changing the name?"
      Azer replied with:
      "Yeah, you can buy it for $30.000 for the hassle of giving up with my pet project for bunch of corporate dicks"
      which is not entirely unreasonable. 3 letter domain names are in that price range +. Instead of trying to negotiate they escalated straight to npm support 5 minutes later.

    • @finchhawthorne1302
      @finchhawthorne1302 2 роки тому +29

      Hey, this is our brand already, and for the clarity of recognition we’d like to use our own name just isn’t that unreasonable a request, and they clearly did offer money, he just wanted an absurd amount more than they were offering. Because open source bros are like that.

  • @jellyfishfingernail4_fan287
    @jellyfishfingernail4_fan287 2 роки тому +914

    Once i had a dream about watching one of your videos and it was about italian mice who kill other italian mice

  • @Pedrocas
    @Pedrocas Рік тому +140

    As a Software Development student, seeing C++ being built on top of Python in the animation almost gave me a heart attack

    • @jjpaq
      @jjpaq Рік тому +11

      Everything is built on Java, don't you know?

    • @Pedrocas
      @Pedrocas Рік тому +6

      @@jjpaq LMAAOOO

    • @witchilich
      @witchilich 11 місяців тому

      @@jjpaq Java compiles to JavaScript

    • @futuza
      @futuza 11 місяців тому +5

      It's might not be exactly wrong, I wouldn't be surprised if there was some sort of compiler for C++ out there that installs using a Python script lol

    • @sierragutenberg
      @sierragutenberg 11 місяців тому +2

      same

  • @pigboiii
    @pigboiii 2 роки тому +214

    This is why you should think about adding a dependency to your project
    Yes libraries are almost always better then stuff you write yourself but this is 1 very easy function to just implement yourself and save a dependency.

    • @schwingedeshaehers
      @schwingedeshaehers 2 роки тому +43

      or in this case, copy the code into your one program (yes, is in this case legally, you may have to add the name of the original creator)

    • @pigboiii
      @pigboiii 2 роки тому +11

      @@schwingedeshaehers yeah indeed if the license permits

    • @forgottenfamily
      @forgottenfamily 2 роки тому +43

      The problem is that, while it's easy to replace something like leftpad for your own project, it's extremely expensive and more likely to add risk to not use a tool like babel or react, far more complex and valuable libraries with extremely active development and security analyses. Like this video said, applications that relied upon these more complex tools became dependent upon this very simple tool. In general, the pooled security is far more valuable and saves far more money in the long run than avoiding the occasional hiccups using open source projects. In general, having a few bad days each year is nothing compared to trying to recreate React.

    • @jfolz
      @jfolz 2 роки тому +32

      left-pad isn't even the worst of it. There's packages that are literally a single line of code and they still get used. Everything surrounding JavaScript, including NPM is a total shitshow.

    • @TRDiscordian
      @TRDiscordian 2 роки тому +9

      @@forgottenfamily just throwing this in there as someone with 19 years of CS experience, I've never used react or babel. I actively discourage react usage for anything other than hacks (or 'bodge's as Tom Scott puts it).

  • @dreamhollow
    @dreamhollow 2 роки тому +97

    This just goes to show that people who are mostly unseen can still have a huge impact on the world.

    • @hyoroemongaming569
      @hyoroemongaming569 2 роки тому

      This. When people cite underrated, now I would cite this turkish guy

  • @TheGrooseIsLoose
    @TheGrooseIsLoose 2 роки тому +228

    Normally when someone makes a video about a topic I know a lot about, the best outcome is, “Well I mean I guess how you could describe it like that if you don’t know anything about it,” but honestly this was a really good explanation.
    There was only one moment in the video where I thought, “Well I wouldn’t use that word here because it’s not technically accurate, but to be fair anyone who would be confused by it probably already knows what you mean anyway.”

    • @schwingedeshaehers
      @schwingedeshaehers 2 роки тому +3

      which moment?

    • @vagoskonstantinou3475
      @vagoskonstantinou3475 2 роки тому +1

      Duuuude

    • @fattahrambe
      @fattahrambe 2 роки тому +24

      @@schwingedeshaehers NPM is only for JavaScript only (someone in the comment said)

    • @clairevero
      @clairevero 2 роки тому

      If you are so pedantic don't watch videos about this subject

    • @purplewine7362
      @purplewine7362 2 роки тому +2

      So you're the guy who's not invited to parties that was mentioned in the video!

  • @LividImp
    @LividImp 2 роки тому +39

    I run a site for an obscure, yet historically important 70s punk band called The Normals. Needless to say I get requests from various other "Normals" bands that want to use the site name. The funniest excuse they use for why I should give them the name is that "you're not doing anything with it" (meaning a band from the 70s hasn't put out a record recently). Which is like saying, "these Beatles guys haven't put out a record since the 70s, they don't deserve a presence on the web." They'd rather erase the legacy of others than to put in the mental effort to be more creative with their name (ironic coming from an artist).
    I ultimately tell them "no", but I do check up on their band later. Not once has one of these bands ever done anything of note and they almost immediately disappear within a few years, and usually within a few months. So if I gave in to these demands, not only would they have themselves done nothing with the name, they also would have taken down a band that actually did do something with the name.

  • @emilyhou1990
    @emilyhou1990 2 роки тому +219

    I would say the npm explanation is pretty accurate, but did want to correct that people use packages not because they're lazy and don't want to write the code themselves, but there is a general understanding that being a good software engineer means you aren't rewriting what's already been written and figured out, it standardizes things and allows for easier updates across projects.

    • @saturnaliam
      @saturnaliam Рік тому +46

      plus it can be more secure, i’d rather trust a package about cryptography made by people who actually know what they’re doing rather than smthn i throw together

    • @shawermus
      @shawermus Рік тому +30

      After trying to code everything by myself, I realized that literally any medium sized coding related project is borderline impossible(if you're solo of course) without using other peoples code.
      You don't reinvent the wheel every time you need it not because you're lazy but because it's just stupid and time consuming to do.

    • @leogama3422
      @leogama3422 11 місяців тому +1

      Not in this case however

    • @3_smh_3
      @3_smh_3 10 місяців тому +1

      Not necessarily standardized, lol, but I get your point.

    • @prumchhangsreng979
      @prumchhangsreng979 10 місяців тому

      @@shawermusif someone is so insistent on reinventing the wheel. They should code in binary with bitwise operation and creating all sort of stuff leading up to their programmed. After all, all these programming languages with built in functions all trace back to someone was making stuff with binary

  • @jojojorisjhjosef
    @jojojorisjhjosef 2 роки тому +360

    Great explenation, I only use python but I can imagine, if someone screwed around with numpy we'd all be doomed.

    • @vrclckd-zz3pv
      @vrclckd-zz3pv 2 роки тому +1

      If someone screwed with numpy academia would collapse

    • @white-bunny
      @white-bunny 2 роки тому +30

      Oh damn. That would be a NIGHTMARE holy crap.

    • @GoogleUse5369
      @GoogleUse5369 2 роки тому +2

      50th like😉

    • @mrjack08722
      @mrjack08722 2 роки тому +11

      See now that there is a worst case scenario.

    • @arsvi123
      @arsvi123 2 роки тому +44

      How to kill all of machine learning and cryptography in one easy step!

  • @2xtoo145
    @2xtoo145 2 роки тому +77

    Amateur, I don’t even do anything to the code and it breaks

  • @tatnmn1764
    @tatnmn1764 2 роки тому +359

    "Too bad he (Azer) didn't put malwares into his packages instead." - Someone who likes to watch the world burn

    • @rkvkydqf
      @rkvkydqf 2 роки тому +62

      Many spitful devs have done this. From wiping hard drives of computers with Russian IPs to generating corrupted text instead of placeholders.

    • @jackielinde7568
      @jackielinde7568 2 роки тому +1

      The problem with adding malware to code, even code you own, is illegal in many countries. Had he actually done that, you can bet all sorts of "Governmental Suits" would have been banging on his door just as quickly as his code was reinstated. Just remember this, no matter how painful Corporate Suits can make your life, at least they can't legally kidnap you, chuck you in a hole somewhere, and forget about you.
      No, pulling a Cartman by taking his coding ball away and going home was the best way to bring light to this. He was fully in his rights to do so, and it's not his problem that things broke.

    • @ThePC007
      @ThePC007 2 роки тому +31

      You mean like the guy who made node-ipc? Yeah, that was a hella fun, huh?

    • @susulpone
      @susulpone 2 роки тому +7

      @@rkvkydqf i think the event you are referring to was russian ip addresses, not keyboard layouts, no?

    • @nooblangpoo
      @nooblangpoo 2 роки тому +17

      You know what would've been funny and more distruptive? If he made it 2 left spaces rather than 2.

  • @NoNameAtAll2
    @NoNameAtAll2 2 роки тому +289

    lessons of this story:
    1) simplest npm packages must become part of the language itself
    2) fuck npm for siding with corporation

    • @alexstone691
      @alexstone691 2 роки тому +33

      I agree he took the name first

    • @UmaROMC
      @UmaROMC 2 роки тому +51

      @@alexstone691 More than that, they STOLE frokm the dude. NPM publishing some-one else's work against their wishes?
      That's theft man

    • @schwingedeshaehers
      @schwingedeshaehers 2 роки тому +14

      @@UmaROMC no, the code wash published under a licences that allowed that before

    • @forgottenfamily
      @forgottenfamily 2 роки тому +27

      @@UmaROMC All packages are published under a specific license. Most NPM packages (though not remotely all) including leftpad are using the MIT license. The MIT license is generally "do what you want, just don't blame me if something goes wrong". If the original versions were published under the MIT license, then NPM is fully licensed to republish it and it isn't theft. It might be disrespectful, but it's also disrespectful to cause billions of dollars of damage to the economy out of spite because two companies fucked you over (and no, that's not an exaggeration. If it had remained unpublished, it would have been that bad)

    • @laundmo
      @laundmo 2 роки тому +2

      right?? how the fuck do you need any amount of code to pad a string? and here i thought JS was considered batteries-included.

  • @2WaterGuns
    @2WaterGuns 2 роки тому +31

    This is a perfectly reasonable explanation of how NPM works, and suitable for the level of depth this channel demands, but if you want a nitpick for your anniversary mistakes videos, there's more than one package manager. NPM is the de facto standard package manager for JavaScript, which is what much of the Internet is built on, but the illustration at around the 1:20 mark shows other languages which would typically use different package managers. (And tell your animators not to worry about putting the Java logo in cases which are probably meant to be the JavaScript logo - they're different languages, but it's really our bad for letting marketers in the 90s decide to name the latter after the former.)

    • @fetchstixRHD
      @fetchstixRHD 2 роки тому

      I was gonna say something about that image(!)

  • @jdatlas4668
    @jdatlas4668 2 роки тому +318

    As a techie, you’re gonna have to be more specific. Which one? :P
    But seriously, these sorts of things happen all the time. Turns out the internet is an incredibly shaky edifice all relying on a handful of projects run by a few guys in their spare time. Statistically speaking most of them are furries. Sorry, I don’t make the rules.

    • @AnimilesYT
      @AnimilesYT 2 роки тому +61

      Yup. Most programmers are furries, trans people, autistic people, or all of the above.

    • @loonloon9365
      @loonloon9365 2 роки тому +89

      As a wise man once said, "If a furry convention fell into a pit of lava, the world's IT capabilities would plummet into the stone age."

    • @jdatlas4668
      @jdatlas4668 2 роки тому +70

      @@loonloon9365 I saw a tweet with a plane full of furries a while back and basically all the comments were about how this was a high risk concentration of critical individuals on one plane and how doomed we’d be if it went down.

    • @DieselJS
      @DieselJS 2 роки тому +8

      @@AnimilesYT they really aren't.

    • @compactcow
      @compactcow 2 роки тому +4

      source??? 🤣🤣🤣🤣🤣👎👎👎👎👎

  • @iloveplasticbottles
    @iloveplasticbottles 11 місяців тому +7

    Love it when big companies get their way even though they shouldn't

  • @burridi
    @burridi 2 роки тому +23

    This was genuinely hilarious to watch you explaining everything going to hell- and the fact that it only lasted 10 minutes

  • @toizh_x
    @toizh_x 2 роки тому +16

    Azer: makes kik
    Kik, the messenger: Unfortunately, history will not see it that way.

  • @NhinJaa
    @NhinJaa 2 роки тому +13

    You guys broadsided me with "crashing like bandicoots" hard lol there. Well done, well done.

  • @tozrimondher4250
    @tozrimondher4250 2 роки тому +51

    Azer is my neighbor, he’s always bragging about how he literally single handedly broke the internet, but none of our friends really cared.

    • @vigilantcosmicpenguin8721
      @vigilantcosmicpenguin8721 2 роки тому +11

      I wonder how he'd react if he saw this video.

    • @candycorn-
      @candycorn- 2 роки тому +1

      what a chad

    • @morbidsearch
      @morbidsearch 9 місяців тому

      That makes two people named Azer who broke the internet (the other being the kid who appeared in those videos with Tara and Raven Your Acidbath Princess of the Darkness)

    • @vladventura1928
      @vladventura1928 6 місяців тому +1

      Tell him he shouldn't have apologized, he did nothing wrong, not his fault

  • @matrinoxtm
    @matrinoxtm 2 роки тому +40

    The fact that so many dependencies relied on 11 lines of code is exactly what's wrong with the javascript ecosystem

    • @hyoroemongaming569
      @hyoroemongaming569 2 роки тому +7

      You dont reinvent what people have figured out

    • @Carlos-kh5qu
      @Carlos-kh5qu Рік тому +23

      @@hyoroemongaming569 It's just too simple for risking such a catastrophic event. The code for is-even is literally shorter than typing the name of the package (n%2==0) and it's still popular
      You don't need to reinvent the wheel, but you don't need to import an ice cube from Antarctica.

  • @Litchert
    @Litchert 2 роки тому +12

    As a programmer, your explanation as to why we use package managers is 110% accurate

  • @jakeave
    @jakeave 2 роки тому +11

    And this is one of the reasons why I hate using dependencies. That doesn't mean I don't use them, I just hate myself for doing it.

  • @AM-ce4of
    @AM-ce4of 2 роки тому +168

    For a company dealing in open source packages, it seems like this could've been avoided in a far more adult manner. Reserve _TM or something as a mandatory suffix for any package names claiming trademark. Then there's no dispute with existing package names. If there's already a kik_TM, that means some other douche canoe already claimed that highly creative collection of 3 letters. Shocking. Well, here's the registration contact info they gave us. Good luck!

    • @drewjanus4643
      @drewjanus4643 2 роки тому +19

      Kik the package was probably around before Kik the website so technically the development could claim copyright in the space of code packages and Kik the company couldn't do shit about it.

    • @Zroyalbomber
      @Zroyalbomber 2 роки тому +12

      @@drewjanus4643 Doubt the package predates the company. Both Kik the messenger and npm were released in 2010, roughly 8 months apart. Unless Kik the package just happened to be released on npm in that relatively short timeframe, Kik the company was first.

    • @klfjoat
      @klfjoat 2 роки тому +10

      That's a great idea! In one country only. Also, in America, multiple companies or their products can have similar names as long as there's no chance of confusion. See also: Popeyes the fast food chain & Popeye the cartoon character.
      Which one gets the single "official" slot in your scheme?

    • @comedyzone
      @comedyzone 2 роки тому +1

      @@klfjoat Given we're talking very literal and specific strings of text, they both get what they want. popeyes gets with an s and popeye gets without. Simple.

    • @AM-ce4of
      @AM-ce4of 2 роки тому +4

      @@klfjoatthe one that’s a registered trademark, obviously. Go register Popeyes and let us know how that works out. While you’re at it, make the logo magenta. You’re not offering phone service so I’m sure T-mobile will be super chill about it.

  • @the_dented_NPC
    @the_dented_NPC 5 місяців тому +7

    Well, you'll need another video now- "The update which broke the IT infra"

  • @ego-lay_atman-bay
    @ego-lay_atman-bay Рік тому +2

    I'm glad that I prefer to copy / paste, rather than use a package that has the same code.

  • @TopchetoEU
    @TopchetoEU 2 роки тому +22

    Actually a really good explanation, speaking as a programmer myself

    • @海王星クショックス
      @海王星クショックス Місяць тому

      I was suprised by how extremely well he must have researched this. Everything seems on point to me.

  • @patrickstrasser-mikhail6873
    @patrickstrasser-mikhail6873 2 роки тому +99

    They lost at the second mail at "but" with "We don’t mean to be a dick about it, but [...] our trademark lawyers are going to be [...] taking down your accounts and stuff like that - and we’d have no choice [...] because you have to enforce trademarks [...]."
    Oh the poor guys with loads of money for trademark lawyers had really no choice but to be dicks. 🤬

    • @teelo12000
      @teelo12000 2 роки тому +17

      What gets me is "we don't mean to be dicks" "but you are being dicks" "wahhh help hes being abusive"

    • @AdrianColley
      @AdrianColley 2 роки тому +7

      Let's not forget that McDonald's failed in court when they tried the same "just defending our trademark" attack on an Irish burger chain called Supermac's. Having a trademark doesn't give you priority.

    • @Alexander_C69
      @Alexander_C69 Рік тому

      @@AdrianColley That is a very different case as Mac is a common name so a trademark based on it can only be applied very narrowly, Kik is not a common word and as far I can tell has no meaning outside of internet slang meaning as a trademark it can be applied much more widely.

  • @cemsity
    @cemsity 2 роки тому +23

    NPM is so broken that it is astonishing that it pretty much underpins the modern internet.

    • @ETXAlienRobot201
      @ETXAlienRobot201 2 роки тому +1

      some people are smart enough not to use it, same with the frameworks that go in and out of style

    • @lztx
      @lztx 2 роки тому +2

      Npm is probably less broken than any package manager before it. You never had to live through rpm hell, for example

    • @jeshweedleon3960
      @jeshweedleon3960 2 роки тому +2

      @@lztx that said, less broken is still - fundamentally - broken.

    • @lztx
      @lztx 2 роки тому +1

      @@jeshweedleon3960 I'm a PHP/Perl developer. Broken is a way of life. 😂😓

    • @Interpause
      @Interpause 2 роки тому

      python's pip sucks. conda sucks. i use gentoo's portage to manage my python dependencies (jk)

  • @loganh2735
    @loganh2735 10 місяців тому +2

    2:56 “Much like this video…”
    *Like button lights up*

  • @viccie211
    @viccie211 2 роки тому +11

    That moment when C# and .NET are in a Jenga tower describing JavaScript packages. Ouch

  • @austin54
    @austin54 8 місяців тому +1

    2:55 "Much like this video, it didn't require any particular skill or brilliance to write" was the first time you said 'like' in the video, so it made the like button animation happen

  • @irvalfirestar6265
    @irvalfirestar6265 2 роки тому +19

    There's always a relevant xkcd when it comes to kerfuffles like this one, and for this instance it's 2347.
    A more recent example of this would be the gpsd bug last year, and there was also another one back when OpenSSL's Heartbleed issue came to light.

    • @austingarcia6060
      @austingarcia6060 Рік тому +1

      I was thinking of that xkcd the whole time!

    • @orngjce223
      @orngjce223 8 місяців тому +1

      Now we have xz to add to the pile!

  • @randomobserver8168
    @randomobserver8168 2 роки тому +8

    This kind of story reminds me of two realities- one, that I am a clueless caveman, and two, the world built around me by the postmodern geniuses is all fairy dust and daydreams held together by baling wire and paper cups.

  • @room34
    @room34 2 роки тому +40

    I've been a web developer since… well, before anything like a package manager existed, and like the crusty old curmugeonly Gen Xer I am, I have stubbornly refused to ever build anything that uses npm or anything like it. Sure I use plenty of open source code, but I don't build anything with dependencies in this way because it just *feels wrong* to me, and this is a pretty good overview of why that's the case.

    • @qwertyTRiG
      @qwertyTRiG 2 роки тому +9

      It's a good example of why you should use a package manager that locks you to a specific version of a package, and doesn't update unnecessarily.

    • @room34
      @room34 2 роки тому +8

      @@qwertyTRiG And even more, why you shouldn't use packages at all for exceedingly simple code you ought to be able to write yourself.

    • @qwertyTRiG
      @qwertyTRiG 2 роки тому +1

      @@room34 Yes. To be honest, left pad seems like a strange thing to be that popular. (We write in PHP, and use Composer.)

    • @andrewharrison8436
      @andrewharrison8436 2 роки тому +2

      Spot on, was a developer but never on websites. When I found out about the Jenga tower (nice image - thanks HAI) that is modern code I was horrified.
      Disclaimer - I am a boring baby boomer and so totally out of touch and senile and still own a sliderule - but I am right, it deserves to break.

    • @HenryLoenwind
      @HenryLoenwind 2 роки тому

      Replace "web developer" with "house builder" and "package manager" with "hardware store" and people will declare you insane.

  • @skyfeelan
    @skyfeelan 2 роки тому +4

    'crashing like bandicoot' best phrase ever made by sam 4:01

  • @johnlynch1353
    @johnlynch1353 2 роки тому +11

    As someone studying computer science I can say the reason we use packages is exactly as you describe.

  • @oxyaego4594
    @oxyaego4594 2 роки тому +11

    And that's why every programmer who's using npm will tell you they hate npm
    I hate npm

    • @rkvkydqf
      @rkvkydqf 2 роки тому

      Yep. `node_modules` isn't some alien artifact, but the entire dependency graph for your project. And when you stop and ponder if some tiny library requires gigabytes of code to run, you realize just how broken this ecosystem is. Why is it not a thing with Python, Go, or C#, but gets so bad with NPM.

    • @oxyaego4594
      @oxyaego4594 2 роки тому +1

      @Firstname Lastname deno is trying to solve the problem of shitty packages. If you feel comfortable with node you should try it, it's very refreshing
      Also it's mostly out of convinience. If you're starting out for example it's easier to use the same language for both frontend and backend rather than learning an entire new ecosystem just to write one app and besides js on backend is actually pretty fast and scalable

  • @TravisNewton1
    @TravisNewton1 2 роки тому +8

    Whenever you hear about big apps breaking, it always points back to either DNS or an NPM package. This is also why a centralized internet is not a good thing and why I miss the old days where literally 95% of the internet didn't rely on a single source of failure. NPM (really Github but actually Microsoft) could shut down tomorrow and the internet would be FUBAR.

  • @Paradox-es3bl
    @Paradox-es3bl 2 роки тому +6

    Misread it as Elven as I was like, "That's so dope. Someone making the Internet snuck in a LOTR Easter egg and it's actually crucial to the internet working? Awesome."
    Now my disappointment is immeasurable and my day is ruined.

  • @andrewgoenner120
    @andrewgoenner120 2 роки тому +12

    You forgot to mention the Georgian grandmother who broke the internet for all of Armenia.

    • @mertsecen1136
      @mertsecen1136 2 роки тому +4

      the grandmother was also Armenian. her name was Hayastan Shakarian. “Hayastan” literally means “Armenia” in Armenian

  • @DJ_Force
    @DJ_Force 2 роки тому +2

    The statement that developers just cobble together other people's code is spot on. It's like if everything in the world was made of Lego blocks, including Lego blocks.

  • @mikey9164
    @mikey9164 2 роки тому +6

    Worth noting that for JavaScript in particular, a lot of the packages required are just filling in for the lack of common utility functions in JS, especially older editions. So you end up with thousands of NPM packages that aren't really maintained or scrutinized that just provide basic utility that arguably should be included in the language (like how "left pad" now is)

  • @RodrigoDavy
    @RodrigoDavy 2 роки тому +32

    I'm a web developer and I just want to say that the explanation of what NPM is and what it does is pretty good, considering it's a channel which makes semi-satirical semi-educational 5-10 minute videos with lots of outdated memes and unfunny jokes
    The pain we get when the Jenga tower of borrowed code breaks is very real and not easy to solve at all

    • @MichaelDavis-mk4me
      @MichaelDavis-mk4me 2 роки тому

      Except for the part you could easily spot the missing package, and since it was used freaking everywhere, you can just rebuild it from one of the millions of copies floating around on the Internet. Like it's 11 lines of code, just make your own package and have it locally.

  • @markusTegelane
    @markusTegelane 2 роки тому +58

    It makes me furious when people confuse the web with the internet. Yes, web is part of the internet, but it certainly isn’t the whole internet. There’s over 65k possible types of services that can utilze the internet, which includes e-mail (through a client, such as an e-mail app on your smartphone), P2P, FTP, VoIP, Minecraft servers, etc. None of these things would get affected by this.

    • @artski09
      @artski09 2 роки тому

      deep web for the win

    • @gavros9636
      @gavros9636 2 роки тому +9

      You assume these other things don't also use npm?
      Anything using npm was hit hard by this.

    • @qwertyTRiG
      @qwertyTRiG 2 роки тому +5

      @@gavros9636 Probably not. Mail clients may use javascript, but I wouldn't imagine that many mail servers do. Or FTP servers. Or most internet servers. In fact, not many web servers do either, except those using Node.

    • @ShadowEO
      @ShadowEO 2 роки тому +3

      @@gavros9636 you wouldn't use Node for a production SMTP/IMAP/POP3 server, and certainly wouldn't use it for anything like centralized VOIP servers such as SIP. I've seen Minecraft Servers done in PHP, so I won't say anything about those. But the Internet as a whole does not run on NodeJS and NPM.

    • @TRDiscordian
      @TRDiscordian 2 роки тому +2

      @@qwertyTRiG I think you'd be surprised and disappointed how many modern server-side things are written in JS.

  • @gaudenciomanaloto6443
    @gaudenciomanaloto6443 2 роки тому +2

    oh maaaan it's kinda exciting when a topic suggestion I made was picked! I'm almost sure I'm not the only one who suggested this and I forgot the name I typed on the sheet but I really wanted to see your take on this, thanks sam and adam who apparently wrote the vid!

  • @devhonk1722
    @devhonk1722 2 роки тому +7

    funfact: JS already has a builtin padding function, but knowing how packages like is-true are downloaded every day, eh.

    • @nighteule
      @nighteule 2 роки тому +1

      So it's a case of people not knowing the language they're paid to know well enough?

    • @mikey9164
      @mikey9164 2 роки тому +3

      padStart wasnt added until ECMAScript 2017, and this happened in 2016

    • @devhonk1722
      @devhonk1722 2 роки тому +1

      @@mikey9164 oh, my bad.

  • @andreibaciu7518
    @andreibaciu7518 2 роки тому +1

    Kik gets mentioned
    Omegle bros: "You know, i'm something of a scientist myself"

  • @patricknelson
    @patricknelson 2 роки тому +14

    WebDev here: The “broke the Internet” part is _kinda_ true (used for comedic effect). Websites/services stayed online because it was the building/deployment of _new versions_ of those websites that would be failing (so basically what’s there is still there, but just *frozen into place* and unable to be _updated_ to a newer version) because the retrieval of the package from NPM would have failed during the build phase _prior_ to deployment to production, for example. So, caching (unless we’re talking about local caching of npm repos in the build systems) _probably_ had little to do with it.

  • @AlanTheBeast100
    @AlanTheBeast100 2 роки тому +2

    If architects built buildings like programmers design code, the first woodpecker that comes along would destroy civilization.

  •  2 роки тому +17

    Based.
    Everyone uses packages. You make it sound like it's lazy. It's good to reuse code

    • @rkvkydqf
      @rkvkydqf 2 роки тому +4

      Yep. It's especially true for things like cryptography and rendering. If you end up writing it without any prior qualification, you'll get a barely working mess. Reusing code is good.

    • @gab8169
      @gab8169 2 роки тому +2

      depends on the context though, here node was implied. node devs are notorious for using hundreds of small packages they don't really need and could write themselves in minutes.

    • @thetheatreorgan168
      @thetheatreorgan168 2 роки тому

      @@gab8169 one gets malware'd or deleted and the house of cards crumbles

    • @Hexagonaldonut
      @Hexagonaldonut 2 роки тому +4

      @@gab8169 Yeah, most of his commentary on the subject earlier in the video was definitely mostly just him being coy, but with leftpad specifically? Yeah, he ain't wrong about laziness there. It's a ridiculously simple function, it probably takes more time to find, download, and include it than it does to literally just code it yourself.

    • @fetchstixRHD
      @fetchstixRHD 2 роки тому

      I don't think the quote that it was "lazy" was said in any real seriousness, to be fair.
      That said, I'd agree with reusing code, up to a point - don't reinvent the wheel, and save that time to do better things!

  • @rocapbg9518
    @rocapbg9518 2 роки тому +2

    How are people so lazy, they add a dependency just so they don't have to write 10 lines of code. I am honestly disgusted by modern programmers.

  • @onion7568
    @onion7568 5 місяців тому +4

    UA-cam recommended this to me right after Crowdstrike.....

  • @TRDiscordian
    @TRDiscordian 2 роки тому +1

    "Crashing like bandicoots", I see you HAI.

  • @DMH-bt2zo
    @DMH-bt2zo 2 роки тому +3

    As someone studying computer science and becoming a tech nerd, this video was very helpful.

    • @NinjaRunningWild
      @NinjaRunningWild 2 роки тому +1

      Here's something they won't teach you in school that’ll be valuable to you : *Register your copyrights.*

    • @DMH-bt2zo
      @DMH-bt2zo 2 роки тому

      @@NinjaRunningWild Exactly.

  • @ThemightyTho
    @ThemightyTho 2 роки тому +1

    Hah pathetic, I remove a single parenthesis and my entire computer explodes like an atomic bomb

  • @kubak3381
    @kubak3381 2 роки тому +35

    The Turkish programmer was totally in the right here. He made an NPM package with the name KIK and it's like creating an Instagram account with the name Google. If Google wanted that Instagram name, they should have offered him a hefty amount of money for it. NPM by giving the name KIK to the company KIK essentially did something like Facebook stealing someone's Instagram account named Google and giving to to the company Google. They totally shouldn't have done that.
    I am not surprised at all that the developer removed all his packages from NPM and it's probably what I would have done too. Also the "cache" has nothing to do with the Internet working for some people. NPM is a service that (among other things) allows you to download open source packages from their repository, the Turk removed it from NPM and therefore no one could download it anymore, but if some developer has already downloaded that package they would have it on their PC and their app would work just fine. It's with putting the new version of that app on the server is where the trouble begins, because you'd need to download it from NPM once more, but again... if you already had that package downloaded you could just put the files from your PC on which you programmed said app onto the server which would host that app and everything would work just fine.

    • @Xershade
      @Xershade 2 роки тому

      Yeah you can download it, but most developers especially when doing a live build purge their downloads and caches to update the packages to, I don't know, test things. The live versions were fine, they were already delpoyed. It was the developers doing full clean builds that had an issue.

    • @kubak3381
      @kubak3381 2 роки тому +3

      @Cipheiz It varies depending on the country, as each country has different laws regarding these sorts of things. I admit that Google is a rather unique name, but a name like kik with only 3 letters is not that uncommon. Either way having legal rights to use any name does not give you exclusive rights to use an account with that name on any platform (like Instagram in the example above)

    • @kubak3381
      @kubak3381 2 роки тому +1

      @@Xershade That's exactly what I was trying to explain

    • @NinjaRunningWild
      @NinjaRunningWild 2 роки тому

      Moral right, but not legal right. And moral right doesn't matter in court.

    • @pieterdepauw6599
      @pieterdepauw6599 2 роки тому +1

      You actually can't use the name "Google" because it has been trademarked. Probably, KIK also had a trademark on their company name.

  • @sucyshi
    @sucyshi 2 роки тому +11

    I remember this well. It basically shut down the startup I worked at which was awesome since we couldn't work so I didn't have to do anything

  • @JamesSatherley
    @JamesSatherley 2 роки тому +2

    If you paused and read the 3 articles you’ll read that NPM chose ‘kik’ over ‘kik’ because if a user request npm kik NPM wants said user to receive what they are most likely to receive and due to kik being an app with 200 million users they are the most likely to be requested

  • @PerErikKarlsson
    @PerErikKarlsson 2 роки тому +7

    "caching" is doing a lot of heavy lifting here.

  • @DimensionDevices
    @DimensionDevices 2 роки тому +2

    You summed up everything I hate about web development in a 5 minute video... I've been doing this for over 20 years... The industry is full of stupidity. I worked on a ONE PAGE WEBSITE APPLICATION that used somewhere near 500mb of libraries... THINK THAT OVER, IT'S INSANE.

  • @alwoods8010
    @alwoods8010 2 роки тому +3

    I remember that day. It was glorious. I had spent like 6 months trying to convince my company to download packages and host them ourselves and no one saw the benefit. Then this happened and guess who got his on site package hosting the same week.

  • @_caesay
    @_caesay 2 роки тому +1

    It's reasons like this why other big package repositories (e.g. NuGet) do not allow packages to be fully 'unpublished', but they can be 'unlisted'. The difference is subtle, but it means people who are already using a package can continue using it when it becomes unlisted, however new people searching for it will not be able to find it in search. Since Microsoft (owns NuGet) also purchased npm in 2020, they've implemented a similar strategy for popular npm packages with a high number of downloads.

  • @justinlipkin
    @justinlipkin 2 роки тому +4

    Holy crap he's talking about something I regularly use in my day job!

  • @ofskittlez
    @ofskittlez 2 роки тому +2

    "Crashing like Bandicoots".
    I don't know why that's hilarious to me.

  • @bradenborman4396
    @bradenborman4396 2 роки тому +12

    Umm one thing about this is incorrect. You claim that they kept working due to caches. Noooo. Prior builds don’t just suddenly break. So even if it wasn’t cashed, the current product version is unharmed. Any project that has left pad as a transitive dependency would just simply be un able to find it and therefore break. But they claim that every time a user goes to a site it compiles and builds is awful lmao

    • @Xershade
      @Xershade 2 роки тому +1

      Yeah you'd be surprised that there are idiots that design sites that do that...they usually fail for obvious reasons though.

  • @3rdalbum
    @3rdalbum 2 роки тому +2

    As a Python programmer I'm amazed Leftpad is as many as 11 lines of code. That's, like, 7 more than is necessary.

  • @amandaswindell8732
    @amandaswindell8732 2 роки тому +4

    Me hearing a package was unpublished: "Meh, how bad could it be?"
    Me hearing the package was left-pad: Eyes widen and with the gravitas of a scientist in a 70s disaster film, "Dear God."
    And I thought the whole Log4j thing was bad. I mean, it is bad, really bad. But this damn thing (left-pad) is so far down on the stack... *shudders* (And yes, I know Java and JavaScript aren't the same things. But still.)

  • @reddcube
    @reddcube 2 роки тому

    So much work went into this video, that I watched and will never think about again for the rest of my life.

  • @joseville
    @joseville 2 роки тому +13

    0:12 you forgot the Armenian grandma

  • @Noobixm
    @Noobixm 2 роки тому +1

    None of you realize that literally the whole internet might be reliant on some little project a small coder might be thanklessly maintaining.

  • @CrystalPegasus95
    @CrystalPegasus95 2 роки тому +8

    Sam breaks the internet.

    • @sendthis9480
      @sendthis9480 2 роки тому

      @Best 🅥
      Say bye to your account, bot

  • @admiralcapn
    @admiralcapn 2 роки тому

    That "Incredibles" nod at the beginning was fantastic!

  • @imaron
    @imaron 2 роки тому +3

    Best part, the package, for which they had to take away the name from an innocnet open source dev for no reason, is now removed because it contained malicious code. gj npm...

  • @Respectable_Username
    @Respectable_Username 2 роки тому +1

    Actually a pretty decent explanation of NPM. Good job Sam and team!

  • @Jimey28
    @Jimey28 2 роки тому +4

    Whoa I actually knew about this, it's a very interesting topic imo

  • @海王星クショックス
    @海王星クショックス Місяць тому

    Finally, HAI makes a topic I'm acrually knowledgeable about.

  • @LeviForWaifu
    @LeviForWaifu 2 роки тому +7

    Discord App imports a library just to check if a number is even or odd.
    Modern cooders everyone.

    • @jfolz
      @jfolz 2 роки тому +2

      Wouldn't be necessary if JavaScript wasn't such a shitshow of a language.

    • @I25mI25
      @I25mI25 2 роки тому

      It always depends on how safe you want your code to be for unexpected inputs (especially if the users can enter stuff). In Javascript you don't have static types, so you first might want to make sure that what you are checking is a (whole) number. Then you have the problem that very large numbers in Javascript aren't exact anymore (9007199254740992 is equal to 9007199254740993 and 9007199254740993%2 is 0). So, especially in very large and complex enterprise applications you might want to protect against those cases and fail gracefully instead of hard/invisibly. And that is exactly what isOdd/isEven are doing.

    • @jbird4478
      @jbird4478 2 роки тому

      @@I25mI25 This boils down to two problems: Javascript's duck-typing (or whatever they call the horrible type system where everything is an object until it's not), and the borderline insane decision to make all numbers floats (with their inherent imprecision) Or as someone else has put it: Javascript is a shitshow of a language.

    • @LeviForWaifu
      @LeviForWaifu 2 роки тому

      @@jfolz lmafo
      If (num % 2 ==0) true
      Else false
      It's literally that simple with JVM/JS/PY/C and with machine code it's even shorter

    • @jfolz
      @jfolz 2 роки тому +2

      @@LeviForWaifu you sure? I did a quick search. There's at least 3 packages that check if a number is odd on npm. They're quite similar in that they perform a couple of checks that what you put in is actually a number and that it's somehow safe(?) to use. Then they return (n % 2) === 1, so apparently your line was already wrong in some cases.
      There's a reason why they had to invent === and that reason is JS is a terrible language that should've died a long time ago.

  • @undonebyr2205
    @undonebyr2205 Рік тому +1

    As my web dev professor described it, the internet is just a giant stack of band aids each failing in its own grand way

  • @RajvirSingh1313
    @RajvirSingh1313 2 роки тому +7

    It is just a casual break out of an open-source developer. As not everybody likes to not get paid and just do work for big companies without even getting a credit far from having a donation

  • @torbenmayer
    @torbenmayer 6 місяців тому

    What's most funny to me is that kik also relied on a left-pad and that npm was actually allowed to re-release the original file since their copy wouldn't work because of version numbers.

  • @Sxxov
    @Sxxov 2 роки тому +9

    npm actually stands for "npm is not an acronym", not "node package manager", which i think is a 100% better acronym

  • @weirdmaninshirt
    @weirdmaninshirt 2 роки тому

    Fun fact, NPM does not stand for `node package manager`. The page header will have a random meaning for it every time you visit the site, for example `Neapolitan Pizza Margherita`.

  • @magesticchicen
    @magesticchicen 2 роки тому +6

    This doesn't surprise me lol, you can break huge projects with a single character

  • @DreamPhreak
    @DreamPhreak 2 роки тому +1

    Also don't forget about a similar thing that happened recently with Marak Squires' faker.js and colors.js. He didn't want fortune 500 companies using his code for free, so he corrupted those files

  • @Player257
    @Player257 2 роки тому +6

    Make a video about Quatumn Physics

    • @namyavyas1325
      @namyavyas1325 2 роки тому +4

      Yes it would be Fun to watch that.

    • @UrmilVyas
      @UrmilVyas 2 роки тому +4

      Yes it would be Fun

  • @liamfoxy
    @liamfoxy 2 роки тому

    It's stuff like this that really makes me realize I honestly have no clue what the heck the internet really even is, only that is usually there and working

  • @SidewaysCytlan
    @SidewaysCytlan 2 роки тому +3

    This is known in teh biz as "Dependency hell."
    No, really.