TIL About How 11 Lines of Code Supported Web Development and the Code Was Deleted It Broke the Internet
TIL About How 11 Lines of Code Supported Web Development and the Code Was Deleted It Broke the Internet
A man in Oakland, California, disrupted web development around the world in 2016 by deleting 11 lines of code.
TL;DR: A patent and trademark agent and NPM bullied an Open Source Dev, so the Dev deleted his code from NPM as is his right. The internet broke. NPM restored the code against the dev's wishes. Corpos win...as always.
When I was a kid I thought being good and kind would help me out in life. What a fucking dumbass I was.
“Bullied”? I mean, the open source app the trademarker wanted to replace wasn’t popular either, and I don’t see how the heck “kik” could be related to something for creating templates. Neither do I see it for messaging, but that is a trademark.
In this case, we believe that most users who would come across a kik package, would reasonably expect it to be related to kik.com.
IMO, the dev was the asshole in that case.
Not in my book. They asked him if he would rename his package, he replied sorry but I'm building a project with this name, and they replied that they were going to send lawyers to do takedowns if he would release his project. This would also rub me the wrong way. Also, the dev was already working on the package before the kik company ever came to NPM. Why would he have to give up on the name for his project?
Original article not via pocket: https://qz.com/646467/how-one-programmer-broke-the-internet-by-deleting-a-tiny-piece-of-code
It's the left-pad npm incident, it was a big news back than, it has its own section on wikipedia: https://en.wikipedia.org/wiki/Npm#Dependency_chain_issues
I always reel in horror when projects have tiny, 'negligible to implement yourself' functions like these as dependencies. See also: is-even 🙄
Edit:
is-evenhas a dependency onis-oddwhich has a dependency onis-number. 🤦♂️I think
is-oddis intentionally a reference to / satire ofleftpadIt was created in 2014, 2 years before the leftpad incident, when a user was learning JavaScript. They now have over 350k downloads per week.
However, https://github.com/slmjkdbtl/is-is-odd/issues/4 is a wonderful work of satire.
And the whole implementation of is-number which is at version 7.0.0:
module.exports = function(num) { if (typeof num === 'number') { return num - num === 0; } if (typeof num === 'string' && num.trim() !== '') { return Number.isFinite ? Number.isFinite(+num) : isFinite(+num); } return false; };The node.js ecosystem has always been madness.
At this point it’s just a joke. Is there a npm for console log? I’ll have to check.
JavaScript is a dangerous shitshow for this exact reason. Dependencies are a security and stability nightmare.
I can't even...
Yes you can, just don't odd
The only part of the story that I'm pissed at is NPM corporation restoring content on their server that they didn't own and published it to millions for profit.
Koçulu removed left pad. It was his code.
Can you imagine the lawsuits if when Disney pulled the license for Avengers on Netflix, Netflix responded with:
"Millions of customers got errors that Marvel Avengers is missing. So we put Avengers back on our servers."
You can't have copyright protection on something so simple.
Depending on the license it is published under, you sure can.
11 lines of code shouldn't be a package.
you should see the "is_odd" package...
it's like, return (num%2)? true:false
People using this deserve that their code breaks. Absolutely ridiculous.
Neither this, nor the leftpad thing, nor this is-even “package” are things I would even think about for a second before just writing it on my own. I wouldn’t even consider those features (let alone packages to depend my code on!) but basic programming.
I remember it live as it was happening. It was fun.
Nice run on sentence in your title. Great job.
It's 11 lines of trash code too.
The way the function reallocates memory would bring your computer to a crawl on a large string.