NPM & left-pad: Have We Forgotten How To Program?

Thor

Honorary Master
Joined
Jun 5, 2014
Messages
44,236
but the problem is you are asking for those dependencies though ...
so you are probably using an old resource. check your package file.

Nope I just:

Cd into my laravel project and then npm install

That's what the laracast tutorial said I must do.
 

[)roi(]

Executive Member
Joined
Apr 15, 2005
Messages
6,282
I wonder if you can publish lots of little libraries under GPL/Custom Royalty licenses, then when a big organisation comes along and uses it ... you begin the litigation process :)

Open source license agreements are prohibitive of this.
 

[)roi(]

Executive Member
Joined
Apr 15, 2005
Messages
6,282

I see this shiat happening to npm very soon


I am learning laravel now and when I did npm install I get a lot of warnings about deprecated shiat.

For instance gulp depends on glob-watcher which internally depends on graceful-fs 1.2.3. It complains about this all the time. It feels like there's going to be a crunch at some point

The point I've been making here is that integral stdlib (standard library) functions should never be used as dependencies, and any frameworks with these dependencies should be either copied or maintained in a separate branch i.e. one that you can control.

Creating direct dependencies is foolhardy as you hinge the integrity of your build directly off a 3rd party that you have no control over.

Be aware that most package managers (incl. npm) link you directly to a 3rd party's package; meaning you implicitly trust that the 3rd party is going to ensure API integrity; expecting this from small open source builds is ridiculous.

The right way is to either branch the project or copy the code you need; that way you have direct control over API integrity.
 

smb3

Senior Member
Joined
Mar 28, 2006
Messages
894
[)roi(];17328436 said:
Open source license agreements are prohibitive of this.

While you won't get royalties from it, you can still start litigation with the right type of license. Was thinking of a court case like this when I typed it.
 

[)roi(]

Executive Member
Joined
Apr 15, 2005
Messages
6,282
While you won't get royalties from it, you can still start litigation with the right type of license. Was thinking of a court case like this when I typed it.

That's a different situation. Cisco was using open source API as part of their commercial solutions, and did not comply with the terms of the open source license. FSF wasn't fighting for revenue but compliance with the terms of the license.
 

Thor

Honorary Master
Joined
Jun 5, 2014
Messages
44,236
[)roi(];17328452 said:
The point I've been making here is that integral stdlib (standard library) functions should never be used as dependencies, and any frameworks with these dependencies should be either copied or maintained in a separate branch i.e. one that you can control.

Creating direct dependencies is foolhardy as you hinge the integrity of your build directly off a 3rd party that you have no control over.

Be aware that most package managers (incl. npm) link you directly to a 3rd party's package; meaning you implicitly trust that the 3rd party is going to ensure API integrity; expecting this from small open source builds is ridiculous.

The right way is to either branch the project or copy the code you need; that way you have direct control over API integrity.

I'm a complete noob; I understand branch but have no idea how to do it.

All I want is to use laravel on my windows pc inside my wamp installation
 

[)roi(]

Executive Member
Joined
Apr 15, 2005
Messages
6,282
I'm a complete noob; I understand branch but have no idea how to do it.

All I want is to use laravel on my windows pc inside my wamp installation

Basically you need to understand the packages that you want to include in your project, explore them e.g. on github.

Specifically read the project's commitments, understand how they manage API changes, etc. If they do proper version / branch management, you would be able to link to a particular release of it and be able to feel more assured the API will be secure.

Remember when in doubt contact the project owner and ask them how they manage versions and how they will ensure API consistency.

When in doubt fork the project to your github account; that way you can control what changes are applied to your fork i.e. to secure your project against unintended changes. The other reason you might want to fork a project is because you want to make some changes that are unique to your project, but generally this is better achieved through a wrapper class, or the like.

Alternatively if you only need a portion of a framework or need to include a function or two, I'd suggest you create your own standard library in which you copy/paste all the functions you use regularly in your projects, e.g. left string pad.

Also if the dependency you want is a simple function like leftpad, I'd suggest you just copy/paste this into your standard library, because it's very unlikely simple function projects are well maintained; case in point is this thread.

Let me know if you need a practical example.
 
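The options in the post above (link to a particular release, fork, or copy the code into your own tree) can be checked mechanically. This is an added example, not part of the original thread: it classifies each `package.json` spec and lists lockfile entries without an integrity hash. The names `example-user`, `my-stdlib` and `some-lib` and all sample data are constructed.

```javascript
// Added example (not from the thread): report dependency specs that can change under you.
const SEMVER_EXACT = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/;
const FULL_SHA = /^[0-9a-f]{40}$/;
// Classify one package.json dependency spec.
function classifySpec(spec) {
  const s = String(spec).trim();
  if (SEMVER_EXACT.test(s)) return 'exact';      // a single published release
  if (s.startsWith('file:')) return 'local';     // code copied into your own tree
  const isGit = /^(git\+|git:|github:)/.test(s) || /^[\w.-]+\/[\w.-]+(#.*)?$/.test(s);
  if (isGit) {
    const ref = s.includes('#') ? s.slice(s.indexOf('#') + 1) : '';
    // Only a full commit SHA is immutable; a branch or tag name can be moved.
    return FULL_SHA.test(ref) ? 'fork-pinned' : 'fork-floating';
  }
  return 'floating'; // ^ and ~ ranges, >=, x-ranges, *, dist-tags such as "latest"
}

// List every direct dependency whose resolved code is not fixed by the manifest.
function auditManifest(pkg) {
  const findings = [];
  for (const section of ['dependencies', 'devDependencies']) {
    for (const [name, spec] of Object.entries(pkg[section] || {})) {
      const kind = classifySpec(spec);
      if (kind.endsWith('floating')) findings.push({ section, name, spec, kind });
    }
  }
  return findings;
}

// Transitive packages are fixed only by the lockfile (lockfileVersion 2/3 layout); list entries with no integrity hash.
function lockEntriesWithoutIntegrity(lock) {
  return Object.entries(lock.packages || {})
    .filter(([path, entry]) => path !== '' && !entry.link && !entry.integrity)
    .map(([path]) => path);
}

// Constructed sample input; only graceful-fs 1.2.3 is a version named in the thread.
const samplePkg = {
  dependencies: { 'left-pad': '^1.0.0', 'graceful-fs': '1.2.3', 'my-stdlib': 'file:./vendor/my-stdlib' },
  devDependencies: {
    gulp: 'latest', 'some-lib': 'example-user/some-lib#master',
    'glob-watcher': 'github:example-user/glob-watcher#0123456789abcdef0123456789abcdef01234567',
  },
};
const sampleLock = { lockfileVersion: 3, packages: {
  '': { name: 'app' }, 'node_modules/left-pad': { version: '1.0.0' },
  'node_modules/graceful-fs': { version: '1.2.3', integrity: 'sha512-CONSTRUCTED' },
} };
console.log(auditManifest(samplePkg), lockEntriesWithoutIntegrity(sampleLock));
```

An exact version or a commit-pinned fork fixes what code you get, but a registry package can still be unpublished, which is why the post also suggests keeping a copy you control.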

Thor

Honorary Master
Joined
Jun 5, 2014
Messages
44,236
[)roi(];17329060 said:
Basically you need to understand the packages that you want to include in your project, explore them e.g. on github.

Specifically read the project's commitments, understand how they manage API changes, etc. If they do proper version / branch management, you would be able to link to a particular release of it and be able to feel more assured the API will be secure.

Remember when in doubt contact the project owner and ask them how they manage versions and how they will ensure API consistency.

When in doubt fork the project to your github account; that way you can control what changes are applied to your fork i.e. to secure your project against unintended changes. The other reason you might want to fork a project is because you want to make some changes that are unique to your project, but generally this is better achieved through a wrapper class, or the like.

Alternatively if you only need a portion of a framework or need to include a function or two, I'd suggest you create your own standard library in which you copy/paste all the functions you use regularly in your projects, e.g. left string pad.

Also if the dependency you want is a simple function like leftpad, I'd suggest you just copy/paste this into your standard library, because it's very unlikely simple function projects are well maintained; case in point is this thread.

Let me know if you need a practical example.

Wait a second....


So if I fork something on github, and the forked original changes, my fork will not change?

That would be so damn amazing, as I see a lot of github projects that are quite lekker and then two weeks later either gone, broken or completely changed.
 

[)roi(]

Executive Member
Joined
Apr 15, 2005
Messages
6,282

Wait a second....


So if I fork something on github, and the forked original changes, my fork will not change?

That would be so damn amazing, as I see a lot of github projects that are quite lekker and then two weeks later either gone, broken or completely changed.

Yes,
Your forks will show up under your repositories; on your fork you can create branches, one which can be the original unaltered version, and another which you can resync with the original to test out their latest changes, and a third could e.g. be changes you'd like to submit as a pull request (update/bugfix/new features) to the original project.

Branches are for example used to maintain different versions e.g. 1st branch could be the original working version of your project, 2nd branch could be the new changes you're working on, ....
 

smb3

Senior Member
Joined
Mar 28, 2006
Messages
894
[)roi(];17328868 said:
That's a different situation. Cisco was using open source API as part of their commercial solutions, and did not comply with the terms of the open source license. FSF wasn't fighting for revenue but compliance with the terms of the license.

I don't see how this is a different situation. My point was not that you can get royalties, as I dismissed this myself in a previous post, but that you can litigate against a company with certain open source licenses, the Cisco one being one of the examples.
 

[)roi(]

Executive Member
Joined
Apr 15, 2005
Messages
6,282
I don't see how this is a different situation. My point was not that you can get royalties, as I dismissed this myself in a previous post, but that you can litigate against a company with certain open source licenses, the Cisco one being one of the examples.

Gain vs tenets of open source.
 

bboy

Expert Member
Joined
Jan 21, 2005
Messages
3,230
Reminds me a lot of the younger generation that used to work with me, would never really develop anything, just string other solutions together and then think they were gods.
 

Thor

Honorary Master
Joined
Jun 5, 2014
Messages
44,236
Reminds me a lot of the younger generation that used to work with me, would never really develop anything, just string other solutions together and then think they were gods.

I did that once, got burned. Learned my lesson, became a cowboy, so shiat's messy, but at least it's mine.
 