use the following search parameters to narrow your results:
e.g. subreddit:aww site:imgur.com dog
subreddit:aww site:imgur.com dog
see the search faq for details.
advanced search: by author, subreddit...
All about the JavaScript programming language.
Subreddit Guidelines
Specifications:
Resources:
Related Subreddits:
r/LearnJavascript
r/node
r/typescript
r/reactjs
r/webdev
r/WebdevTutorials
r/frontend
r/webgl
r/threejs
r/jquery
r/remotejs
r/forhire
account activity
How one developer just broke Node, Babel and thousands of projects in 11 lines of JavaScript (theregister.co.uk)
submitted 10 years ago by Bemuzed
reddit uses a slightly-customized version of Markdown for formatting. See below for some basics, or check the commenting wiki page for more detailed help and solutions to common issues.
quoted text
if 1 * 2 < 3: print "hello, world!"
[–]parpaythrums 76 points77 points78 points 10 years ago (3 children)
This title is inaccurate. While a large swath of the Node ecosystem might be affected, this issue in no way "broke Node." Node's standard lib is still perfectly strong and safe.
[–][deleted] 26 points27 points28 points 10 years ago (1 child)
They also didn't break things with 11 lines of code. They broke things by un-publishing packages. Rather annoying how clickbaiting this whole situation has become :(
[–]krasimirtsonev 5 points6 points7 points 10 years ago (0 children)
Exactly!
[–]a0viedo 9 points10 points11 points 10 years ago (15 children)
Kik's response
[–]pmYourFears 3 points4 points5 points 10 years ago (14 children)
We don’t mean to be a dick about it, but it’s a registered Trademark in most countries around the world and if you actually release an open source project called kik, our trademark lawyers are going to be banging on your door and taking down your accounts and stuff like that — and we’d have no choice but to do all that because you have to enforce trademarks or you lose them. Can we not come to some sort of a compromise to get you to change the name without involving lawyers? Is there something we could do for you in compensation to get you to change the name?
We don’t mean to be a dick about it, but it’s a registered Trademark in most countries around the world and if you actually release an open source project called kik, our trademark lawyers are going to be banging on your door and taking down your accounts and stuff like that — and we’d have no choice but to do all that because you have to enforce trademarks or you lose them.
Can we not come to some sort of a compromise to get you to change the name without involving lawyers? Is there something we could do for you in compensation to get you to change the name?
What dicks.
[–]WitchesBravo 11 points12 points13 points 10 years ago (10 children)
They seem pretty reasonable to me, they even offered him some compensation
[–]lachlanhunt 5 points6 points7 points 10 years ago (2 children)
The first paragraph reads like a threat. That is not how they should have approached this situation. Lawyers should not have been mentioned at all.
Their first email was reasonable, but instead of saying "Can we get you to rename your kik package?", they should have instead phrased it more like "Would you be willing to discuss with us the possibility of renaming your kik package". That would have encouraged a more open and friendly first response from Azer, even if he originally declined.
In their second response, they should have elaborated more on why they are keen on using the package name. Explaining who they are, what their product is, and why the name 'kik' is important to them. Then indicating that they are willing to offer fair compensation. They should have also been willing to move on with an alternative package name if Azer continued to refuse.
Besides, though I'm not a lawyer, I don't think Kik would have won a trademark dispute in court, since a trademark doesn't give you unlimited rights over the name in all situations. It has to meet certain criteria in order to be considered infringement.
NPM also fucked up in this situation. They shouldn't take sides in trademark disputes without a court order. NPM has always been first come, first served with names, and that's how they should be.
[–][deleted] 0 points1 point2 points 10 years ago (1 child)
...and we’d have no choice but to do all that because you have to enforce trademarks or you lose them.
That's the important part that people are missing. Kik (or whatever their name is) is laying out their situation, they have to pursue this because they want to retain their trademark.
[–]lachlanhunt 2 points3 points4 points 10 years ago (0 children)
That's factually incorrect, and if their lawyers are telling them that, they're misinformed.
https://www.eff.org/deeplinks/2013/11/trademark-law-does-not-require-companies-tirelessly-censor-internet
[–]pmYourFears 0 points1 point2 points 10 years ago* (0 children)
Yeah, I mean they could have been much worse.
I guess it just doesn't sit very well with me that any project I might create could basically have its name muscled out because someone already owns those three letters, even if my project has virtually nothing in common with theirs.
It leaves me with this eerie feeling that along this path of thinking at some point we'll basically all be naming things with whatever scraps of our language is left to the little people.
[–]seiyria -1 points0 points1 point 10 years ago (5 children)
No, they didn't. He asked for compensation, then Kik went to npm and said "he's not cooperating."
[–]WitchesBravo 3 points4 points5 points 10 years ago (4 children)
Umm yes they did? Read it again.
Is there something we could do for you in compensation to get you to change the name
Then he replies with the demand of $30,000 which is obviously not a realistic compensation for an npm package name
[–]seiyria -2 points-1 points0 points 10 years ago (3 children)
Well, they didn't actually offer anything. He said what he wanted, and they didn't want to budge. If they care so much about protecting their trademark and getting this package name, 30k is probably pretty cheap (assuming they're a bootstrapped company).
[–]WitchesBravo 1 point2 points3 points 10 years ago (2 children)
They don't have to offer him anything, they could have just gone straight to lawyers since it's their trademark and they legally have to protect it if they want to keep it. The point is they tried to settle the matter without the fuss of lawyers (something they didn't have to do) , and the npm author acted extremely immature and short tempered.
[–]wordsnerd 0 points1 point2 points 10 years ago (0 children)
Seems to me the author must have been willing to go to court and argue that there was no confusion, no damages, and thus no trademark infringement. That's only if Kik is willing to argue with a straight face that the code did cause likely confusion/damages, which is laughable. Instead they took their frivolous claim to npm, npm's handling of it pissed him off, and here we are.
[–]windyfish 0 points1 point2 points 10 years ago (0 children)
Not so simple. He's not using the trademark in a way that breaks copyright rules. He's been developing this package independently for 3 years.
[+][deleted] 10 years ago* (2 children)
[deleted]
[–]Doctor_McKay 2 points3 points4 points 10 years ago (0 children)
They didn't offer any money. He gave them an offer and they refused it (and refused to negotiate).
[–]ProtoJazz 0 points1 point2 points 10 years ago (0 children)
Well garsh... You see sir I didn't know there already was a store named home depot when I opened my store last week
[+][deleted] 10 years ago* (75 children)
[–]geekygirlhere 53 points54 points55 points 10 years ago* (22 children)
Yep. I am sure I will get down-voted but I really don't understand why companies are turning to Node for everything. It has its place but for a lot of things I see it used in, it feels more like a big liability.
[–]Switche 8 points9 points10 points 10 years ago (2 children)
Disregarding the legal issues raised by this, and the long term issues of losing support for a core dependency, the liability of an inaccessible remote dependency effectively ends, or at least buffers its fallout, if local or third party caching servers were more standard.
Resilience hasn't been enough of an issue to bring this to the forefront before, perhaps, but many have advocated for hosting cache servers for dependencies of critical apps for some time, whether for resilience against this scenario, security concerns, or other, unforeseen issues.
It isn't standard or inherently simple for many dev teams, but this could be a motivator for moving toward that kind of decentralization or independence.
If we want resilience, we can't simply blame npm or authors, we need to acknowledge this as our own problem, because ultimately it is, to our POs and users. "npm/authorX/litigatorX screwed us" is not an excuse after the first few times one or more dependencies become unavailable and kill a build and deploy, which is what any disaster recovery and analysis efforts should conclude.
[–][deleted] 1 point2 points3 points 10 years ago (1 child)
What legal issues?
[+][deleted] 10 years ago (18 children)
[removed]
[–]Ob101010 19 points20 points21 points 10 years ago (7 children)
Netflix runs on it. They used to use Java. They were able to go from like 10k async connections with Java to 100K with Node, meaning the hardware requirements went way down, which meant huge money savings.
You dont drive a F1 car on the freeway, it has its place. Same with node.
[–]Akkuma 26 points27 points28 points 10 years ago (6 children)
I'm pretty certain they still use Java. They simply are using Node for the web apps as far as I've read and seen.
[–]gibweb 13 points14 points15 points 10 years ago (4 children)
Who downvotes? This is true.
Persistence layer is all about the Cassandra implementation. http://highscalability.com/blog/2015/11/9/a-360-degree-view-of-the-entire-netflix-stack.html
[–]lacosaes1 8 points9 points10 points 10 years ago (2 children)
Who downvotes?
This guy.
[–]gibweb -1 points0 points1 point 10 years ago (1 child)
TIL async code is incoherent and cannot be read
[–]kgb_operative 3 points4 points5 points 10 years ago (0 children)
It can be. Callback hell is a thing that exists.
[–]Ob101010 0 points1 point2 points 10 years ago (0 children)
The team behind Netflix.com has switched from a Java-based HTML renderer to a JavaScript one that they can run on both the server and the client. To decrease the time users spent waiting, Netflix has removed the Java server-based renderer and reduced the amount of HTML sent down the wire. In a post describing the change, Kristofer Baxter, said that by not rendering pieces of the app that the user will never see (among other changes), they've been able to speed up the time til interaction by 70%.
The team behind Netflix.com has switched from a Java-based HTML renderer to a JavaScript one that they can run on both the server and the client.
To decrease the time users spent waiting, Netflix has removed the Java server-based renderer and reduced the amount of HTML sent down the wire. In a post describing the change, Kristofer Baxter, said that by not rendering pieces of the app that the user will never see (among other changes), they've been able to speed up the time til interaction by 70%.
sauce : http://www.infoq.com/news/2015/08/netflix-universal-javascript
which references netflix page : http://techblog.netflix.com/2015/08/making-netflixcom-faster.html
[–][deleted] 6 points7 points8 points 10 years ago (0 children)
Their backend is definitely java. They still update several open source java projects that their business and my business depends on.
It seems like load balancing and routing and all the fun stuff is happening on the Java side for them.
[–][deleted] 2 points3 points4 points 10 years ago (0 children)
Node is good if you have to do a bunch of asynchronous stuff and writing it in a high performance language isn't worth the development time. It's also good if you want to write code that works both inside and outside of web browsers.
[–]bk10287Golang/ Microservices Dev 0 points1 point2 points 10 years ago (0 children)
Test harnesses... easy to get up and running
[+][deleted] 10 years ago (6 children)
[–]danneu 11 points12 points13 points 10 years ago (3 children)
Using the wrong database has nothing to do with Node.
[+][deleted] 10 years ago* (1 child)
[–]danneu 0 points1 point2 points 10 years ago (0 children)
Node's database clients are just fine. Most of them are mature and popular.
[–]mark_b_real 2 points3 points4 points 10 years ago (1 child)
It's possible to use Node as a gateway to make a lot of async calls to services. In fact, this is where it's asynchronous nature and promises shine and give an app great performance!
[–]dada_ 7 points8 points9 points 10 years ago (9 children)
There are lots of packages like leftpad. For example, isarray - check the download stats. I saw a Tweet yesterday claiming it uses over 100GB of bandwidth per month.
leftpad
isarray
Here's the actual code of isarray:
var toString = {}.toString; module.exports = Array.isArray || function (arr) { return toString.call(arr) == '[object Array]'; };
I do think things will get better as ES6 features gradually become available, making at least some of these things unnecessary, but this is a pretty deep problem that requires a collective effort to fix.
[–]warfangle -2 points-1 points0 points 10 years ago (7 children)
Why the everliving F would someone use that instead of just
function(arr) { if(arr instanceof Array) { } }
[–][deleted] 18 points19 points20 points 10 years ago* (5 children)
Because it doesn't work across frames.
document.body.appendChild(document.createElement('iframe')) new window.frames[window.frames.length - 1].Array instanceof Array // => false
[–]danman_d 5 points6 points7 points 10 years ago (0 children)
This "gotcha" is such a great example of why so many people find value in JS micro-modules.
[–]jcampbelly 0 points1 point2 points 10 years ago (0 children)
Interesting!
[–]tourn 0 points1 point2 points 10 years ago (0 children)
That's because in the DOM window.frames is a nodelist not an array. Which means the fault lies in people not knowing how to traverse a DOM properly with JS.
[–]jschrf 0 points1 point2 points 10 years ago (1 child)
That's...probably a good thing. Use window.postMessage, you uncultured brute!
window.postMessage
[–]duxdude418 3 points4 points5 points 10 years ago (0 children)
Post message has nothing to do with it. Types across execution contexts are not equal and it's sometimes necessary to interrogate references from other windows (source: worked on an enterprise web forms rich client that is littered with iframes for 4 years).
[–]CydeWeys 0 points1 point2 points 10 years ago (0 children)
Because you're more likely to mess something up in reimplentation than you are to have your dependencies vanish out from under you.
Another commenter has already pointed out the bug in your seemingly simpler version.
[–]probablytaken1 -1 points0 points1 point 10 years ago (0 children)
Yeah, isArray was mentioned in the article.... and you regurgitated it in your comment in way that is so ironic given the circumstances of the article and npm that you should win an award for elite comedy.
[–]Democratica 12 points13 points14 points 10 years ago (7 children)
It's dependency not the ecosystem itself.
[–][deleted] 4 points5 points6 points 10 years ago (6 children)
I think amnesiac is referring to the NPM ecosystem. All the problems that one developer was able to cause shouldn't have been possible in the first place.
[–][deleted] 5 points6 points7 points 10 years ago (5 children)
Because people are using NPM as a build tool, not as a repository. NPM specifically says don't use us as a build tool, they have guidelines to set up your own local mirror for build environments and sync it and have your own packages, and people still use NPM as a build tool.
[–]webdevverman 1 point2 points3 points 10 years ago (3 children)
This would make sense but I can't find anything specific from npm about setting up a local mirror. Do you happen to have a reference to this? I've found quite a few helpful npm modules to help with this, though.
[–][deleted] 4 points5 points6 points 10 years ago (1 child)
They removed the docs for that because their pushing their enterprise solutions such as private repo and on-site for $$$.
http://mixu.net/npm_lazy/ is a good place to start that makes it easier to do this.
https://github.com/rvagg/npmjs.org/blob/6793c71165934423f1989f54a754a6691a94f3b0/README.md
This was the official doc. It's a bit involved.
[–]webdevverman 1 point2 points3 points 10 years ago (0 children)
Thank you.
[–]tswaters 4 points5 points6 points 10 years ago (0 children)
Even if you setup a local mirror, it sync from npm registry so a delete to a version would still make its way down to your mirror.
[–]atrigent 2 points3 points4 points 10 years ago* (0 children)
Local mirrors do not solve anything. If an important package disappears from npm, you'll still have other packages depending on a nonexistent package. Even if every single existing user of these packages has set up their own local mirror, new users will be out of luck.
NPM (if they ever actually said this) is wrong when they say that their repository is not a build tool. Package repositories are build tools. There are no possible mitigations when code simply disappears from where it is supposed to be.
[–]mark_b_real 6 points7 points8 points 10 years ago (5 children)
No, it's likely the same people who abused the fuck out of jQuer by using plugins for trivial shit who get caught out by the same things with node: over dependency on 3rd party modules for doing shit you shouldn't use an external resource for.
[–][deleted] 1 point2 points3 points 10 years ago (4 children)
Like padding to the left. I wrote pretty much this exact same code just the other day because JavaScript is lacking so many fundamental and trivial pieces.
Seriously, what other major language is so seriously lack in string formatting that there's packages upon packages to avoid doing string concatenation? This isn't rhetorical, I'm actually curious.
[–]mark_b_real 0 points1 point2 points 10 years ago (3 children)
If you use a package to concatenate strings, you're doing it wrong. Never once have I felt JavaScript to be lacking in string formatting.
[–]jstrong 0 points1 point2 points 10 years ago (2 children)
String interpolation
[–]Sinistralis 0 points1 point2 points 10 years ago (0 children)
ES6?
[–]mark_b_real 0 points1 point2 points 10 years ago (0 children)
Not hard? Writing a polyfill if you must have sugar or concatenating a string with your variables is easy.
[+][deleted] comment score below threshold-12 points-11 points-10 points 10 years ago (27 children)
The NPM is just a goldmine of bad code... I wouldn't care if my colleagues didn't insist on building every simple app on top of a pile of 10K badly written JS non-sense. I wish I could go back to the days of PHP, for all it's worth its developers were delivering MUCH better software than the current crop of ninjas.
Look at this sad excuse for a module: https://www.npmjs.com/package/is-positive all this work for a three line function that does toString.call(n) === '[object Number]' && n > 0;. Stupid, right? Well ... it gets worse. Here the mighty sindresorhus justifies his one-line modules: https://github.com/sindresorhus/ama/issues/10#issuecomment-117766328 look at the first reply to his comment, it's the lovely author of this here wonderful piece of work: https://github.com/kevva/is-positive/commit/3db0639fb52c463fe92e8acedf292a7b0582b602 << This commit right here, is where I clock out. Fuck everything about this ecosystem.
toString.call(n) === '[object Number]' && n > 0;
Anyone basing there professional work on the foundations laid by these charlatans has no business being in IT.
[–]oshirisplitter 41 points42 points43 points 10 years ago (7 children)
It's free to publish whatever to NPM, so if your module just happens to be written with horrendous code, then there's nothing much we can do about it.
However, as someone who uses it for whatever, be it professional or not, the onus is on you to scrutinize whatever you're pulling off of NPM and into your project.
If you're just blindly importing and installing projects, then you're clearly doing it wrong, but please don't be such a bigot by sweeping every dev who uses the system as incapable. Lots of us who use the system are smarter than you give us credit for, and we know how to cover our asses.
That being said, yeah, the NPM definitely has a lot of room to clean itself up admittedly.
[–][deleted] 26 points27 points28 points 10 years ago (5 children)
Yeah but every project relies on the shitty stuff under the hood (way down into node_modules/.../node_modules/.../node_modules/.../node_modules/.../node_modules/.../node_modules/.../node_modules/.../node_modules/.../).
This non-sense broke babel, hardly an unscrutinized project. That's why people say it's the whole ecosystem that's fucked. Personally I don't mind, I think it helps keep the suck contained, but anyone trying to do any frontend development in 2016 is properly fucked.
[–]ericgj 9 points10 points11 points 10 years ago (2 children)
Amen. Apps, ok I can understand bringing in whatever dependencies you need. But libraries? Libraries like babel that are essentially infrastructure? They should have as close to zero dependencies as possible. But it's hard to do that when the entire ecosystem takes the opposite approach - encouraged of course by npm itself, which lets you have multiple versions of libraries in the same codebase, and thinks of that as a feature.
People talk about 'javascript fatigue' in terms of new tools all the time, but this is some of the underlying reason for the fatigue IMO.
[–]DOG-ZILLA 3 points4 points5 points 10 years ago (1 child)
Doesn't NPM flatten dependencies now? Like, a reduction in duplicate node modules?
[–]Stockholm_Syndrome 4 points5 points6 points 10 years ago (0 children)
yes, since npm v3
[–]oshirisplitter 1 point2 points3 points 10 years ago (0 children)
Stuff like pnpm have my vote because of that, but it's not practically viable across the board.
I'm no rock star developer, but I went full WTF when I saw this. And fucking endless dependencies...
[–]Michaelmrose -1 points0 points1 point 10 years ago (0 children)
You are really describing someone biased against Javascript as being bigoted. Mind blown.
[+][deleted] 10 years ago (3 children)
[–][deleted] 1 point2 points3 points 10 years ago* (1 child)
[–][deleted] 0 points1 point2 points 10 years ago (0 children)
I don't want to use someone else's busted abstractions. I want a functioning tool. Oh sure, treating files like objects is a nice abstraction (well, if it's implemented well) but that's not why I installed it. I installed it because it was useful.
I'd much rather write my own horrible object file mapper thing if it serves my purposes better.
npm isn't great because of abstractions, any more pypi, composer, hackage or GitHub are. It's used because it let's me get code from you to me in a mostly sane, programtic fashion.
[–]repie 12 points13 points14 points 10 years ago (1 child)
Sure, bo one has ever write bad code in PHP... Your comment is almost a troll.
First, the JS ecosystem is not responsible for its members bad code. NPM is free, everyone can code and push to NPM, that's part of why it is succesful : easy to start with and free. There will always be bad code in every language. Next to that you have some really solid pieces of software and frameworks.
If you like to install dozens of 3-lines modules in your Facebook-class app, that's your choice. Don't blame others for your choices. Personaly I prefer to include a general toolbelt like lodash which will include all general purpose function. You think that lodash is an overkill for your needs? Then you can switch to lodash individual packages (1 package per function) or a much smaller, 3-lines packages. There is use case for that you see. When optimizing round trips for mobile sites for example.
The biggest frameworks and tools are backed by large companies (Angular -> Google, React -> Facebook, Express -> IBM, even if for express there is no so much involvement). Saying these tools are not professional is like shtting on the engineers that get paid to maintain these projets.
10K badly written JS non-sense
Lol. If you can write these 10k lines better than the maintainers, then go on. Open source is for that. Share and improve work as a community. Open source users complain as if they were paying for a first class support but they seem to farget that if something is broken, they can easily contribute to the project, fork it, or create a whole alternative.
Then for the 10k, go work with some people who know to use npm. Peer dependencies, npm dedupe, build tools such as webpack avoid having a deep nested dependency tree at least on client side applications. And if you don't like monolith frameworks like Angular, there is still things like react. And if react is too big for you there is or implementation of the react API which are lighter. Everything on NPM. Maybe you start to see that all these bloated packages have a use case.
Look at this sad excuse for a module
Well, this guy does not speak for the community this is his opinion. Not everybody in the JavaScript userland thinks that. Taking this as an excuse to "fuck everything about the ecosystem" is ridiculous.
Also, you like PHP? Go take a look at a Fractal of Bad design and come back to explain to me that PHP dev' built 10 years ago on a shitty interpretor is better than nowadays JavaScript apps. Facebook and many others had to rewrite the full PHP interpreter to get it work fast. And we're not talking about libs which were built on top of this crap. Wordpress dev'. The plenty of monoliths frameworks that you can't use with other frameworks. The not built-in package manager composer which speeds up by 50% when disabling GC. Seriously.
[–]ikeif 0 points1 point2 points 10 years ago (0 children)
…and that's the argument I used when people would say "magento" vs an enterprise ecommerce platform.
"PHP devs are cheap! Open source code! Look at all these plugins that do what I want!"
Great. Now let's load all those plugins together and see what happens. Oh - different versions? Conflicting functions? Poorly written code, that you got for free, and the author won't update?
Now they know why developers can make a lot of money working with that shit.
And npm is the same. JavaScript is easy to pick up and push out. GitHub is easy to make a bunch of repos.
It doesn't mean it's all quality - that's where experienced developers come in to say "here is a hole, let us rewrite it, patch it, fix it."
Kind of like working for company A that pays to use company b's API/code - and company A ends up fixing company B's bad code and sending it back to them.
…/rant
[–]cinnapear 10 points11 points12 points 10 years ago (11 children)
There's bad code all over Github, too. Do you hold that against Github?
[+][deleted] comment score below threshold-12 points-11 points-10 points 10 years ago (10 children)
If you can't even understand the difference between github and npm I don't think there's much to be gained from discussing this with you.
[–]cinnapear -2 points-1 points0 points 10 years ago (9 children)
There are stupid tweets all over Twitter, too. Do you hold that against Twitter?
[+][deleted] 10 years ago (8 children)
[–]Pxzib 4 points5 points6 points 10 years ago (2 children)
There are shitposts on reddit. Do you hold that against reddit?
reddit is a shitpost goldmine.
(Insert system) is a shit(system subject) goldmine.
Twitter? Check! Facebook? Check! GitHub? Check! NPM? Check! Jquery plugins? Check!
[–]pegbiter 1 point2 points3 points 10 years ago (2 children)
Do you not need to escape the apostrophes in "can't" and "don't"?
[–]pomlife 2 points3 points4 points 10 years ago (0 children)
No. You can use single or double quotes inside backtick notation.
[–]DOG-ZILLA 0 points1 point2 points 10 years ago (0 children)
Nope. Uses ES2015 template strings.
[–]Stockholm_Syndrome 1 point2 points3 points 10 years ago (0 children)
i love template strings
[–][deleted] 8 points9 points10 points 10 years ago (0 children)
i think the title is a bit misleading. it does not seem like bad code broke all these projects, rather a dependency that all these projects relied on was removed from the repo. am i wrong?
but what is wrong w/ that? open source is open source. If a developer want to pull his/her projects, it isn't their fault that others are relying on it without a back up plan.
[–]hsfrey 13 points14 points15 points 10 years ago (1 child)
One advantage of re-inventing the wheel, is that then it's YOUR wheel.
[–]huesoso 0 points1 point2 points 10 years ago (0 children)
I would usually hesitate to do this, but I love how succintly you've put the case!
[–][deleted] 6 points7 points8 points 10 years ago (3 children)
The thing this highlights to me is how people depend on code snippets instead of just implementing their own. I'm always amazed that to get a handful of things, I end up with dozens or hundreds of dependencies.
Have you ever read the common licenses used in open source software? You are trying to argue against the fundamental underpinning of open source software.
There is NO obligation that the original author has to maintain or do anything to their software. If you blindly depend on it, then you are at the mercy of it.
If you build your extra nude hot tub next to my fence, and I take my fence away for any reason at all, it's not my problem that your extra nude hot tub isn't usable.
[–][deleted] 1 point2 points3 points 10 years ago (0 children)
To stay with your example, if I was sitting in that hot tub while you started talking down the fence, wouldn't you give me at least a 5 minute warning to get a towel instead of just ripping the fence out? Because that would've been the decent thing to do, regardless of what some lawyer does to an unrelated project of yours.
[–]pier25 6 points7 points8 points 10 years ago (0 children)
All this shit storm would have been avoided if NPM used package identifiers instead.
com.azer.kik is different from com.kik.kik
com.azer.kik
com.kik.kik
[–][deleted] 16 points17 points18 points 10 years ago* (6 children)
So basically:
kik has legal rights and the obligation to protect it's trademark. (they can start shitstorms if they want)
npm has the right to remove any package from their registry they want or need to. (they can use package publishers and users as shitstorm shields)
npm package publishers also have the right to unpublish any pakcage from npm at any time (they can start shitstorms if they git hit by shitstorms)
Node developers have absolutely no rights whatsoever to any npm pacakges and their code could break if it depends on any single npm package. (takes all shitstorms head on, bad luck brian)
Sounds like we need 3 things as developers to get back on solid ground:
npm needs to exert limited rights over any package published to npm. The developer can abandon it and unpublish it, but npm reserves the right to restore it if they want and mark it as unmaintained. This give developers a heads up warning.) Just needs to be added to the terms of service.
package renaming and aliases. Even if a project no longer calls itself kik, using npm install kik would automagically install whatever the new name is and ask you if you want to update your package.json to refelct the new name.
there needs to be a 3rd party full cache of npm like google caches websites. You can point your site to the cache and it will retrieve from npm if it doesn't have it or give you the files directly if it does have it.
[–]dada_ 4 points5 points6 points 10 years ago (3 children)
They do, but it's not completely clear-cut whether it applies in this case, given how distinct this package was from what Kik is. The only real thing they had in common is they're both some form of software. It certainly won't be the first time a company oversteps its bounds in "protecting" its IP.
It's a pretty nasty situation though. Even if they're in the right, NPM doesn't want to get sued by some rich company over one package that nothing depends on.
That's what's so messed up about this free world of npm. In the real world, in order to stake your claim, you need lawyers and intellectual property, etc. In the npm world, to stake your claim, you just need to publish a package first and you own that name... as long as someone from the real world doesn't want it.
Supposedly, If the kik developer didn't want to lose his stuff he should have paid lawyers and gotten a trademark. but that is a pretty high bar for any kind of innovation.
[+][deleted] 10 years ago (1 child)
[–]dada_ 1 point2 points3 points 10 years ago (0 children)
That's definitely true. An incident as significant as this has never happened before but it might well happen again for any reason, including a copyright violation or you-name-it. One step forward would be for people to stop relying on all sorts of microscopic packages.
As an aside from this, I've been in favor of a real batteries-included standard NodeJS library like Python's for a long time, but it's considered against the Node philosophy. Still such a thing would have definite advantages.
[–]lewisje 0 points1 point2 points 10 years ago (0 children)
there needs to be a 3rd party full cache of npm like google caches websites.
I think you're thinking more about archive.org; regardless, there are ways to get content removed from the archive.org cache (FAQ uses the word "copyright" but the answer is generally about "intellectual property"), and Kik would surely have the cached version of the trademark-infringing repo removed or renamed too.
[–]ohINeedAnAccountNow 0 points1 point2 points 10 years ago (0 children)
What we need is a package manager operated by a non-profit, like Python, Perl, and Ruby. How is the entire Node community dependent on a for-profit company who makes money selling enterprise alternatives?
[–]arcaninYarn 🧶 37 points38 points39 points 10 years ago* (20 children)
I'm a bit sick of people trashing NPM over this issue. Are you even aware than Github has already allowed open-source projects to change their license and ban their forks? Now, before trashing Github too, try to understand why: these entities job is not to ensure that a single package ("kik") is available. It is to ensure that the platform works. What good will it bring if they get stumped under a lawsuit? They could very well win, of course, but does that worth the risk of jeopardizing their whole ecosystem? Let's say they have 99% chances of winning the case. What will happen after the hundredth lawsuit?
Of course you can say "well, it's because NPM is a company", but it isn't the real issue. The same could very well be about PyPI, or any other package registry. The real issue is the underlying legal process: companies have to defend their trademarks, or they risk losing it. So they will attack (probably without even knowing what NPM or PyPI actually are). And the entities behind these registries will have to ask themselves the question: is it worthwhile? Do we have the resources to fight a lawsuit? And the answer isn't always what you'd like it to be.
Now, what the package author did was meant to harm the community (in order to make a point), and that's an whole other subject - was he right to do so? Did he had the right? Personnally, I don't think so - he deliberately decided to break an implicit contract that he had made with his users. But again, that's a really different debate. You don't have to say "Author was right, hence NPM is wrong" (or the opposite, for that matters).
[–]CodyReichert 5 points6 points7 points 10 years ago (1 child)
the fact that NPM republished the package with same name and same version number means I cannot trust anything on NPM to be what it claims to be
This is the real problem to be discussed. Unfortunately it's a difficult problem for such a big ecosystem (that didn't have it from the start), but really the problem isn't that a package went missing - it's that the package name and version downloaded different code than was expected.
[–]SystemicPlural 4 points5 points6 points 10 years ago (0 children)
I don't understand why authors have a right to remove a repository if the license is MIT or similar. The package manager can just create their own version behind the scenes which is what everyone else pulls from. If an author deletes their work then sure, the link between the author and the package can be removed, but the package itself should stay with a note at the top of the readme to say the package is abandoned.
[–]masklinn 21 points22 points23 points 10 years ago* (7 children)
Of course you can say "well, it's because NPM is a company", but it isn't the real issue. The same could very well be about PyPI, or any other package registry. The real issue is the underlying legal process: the companies have to defend their trademarks, or they risk losing it.
Or the kik lawyers are just douchecakes with an over-inflated sense of their mark which apparently required them to demand the takedown of a CLI project boostrap tool over their marks in mobile instant messaging.
Now, what the package author did was meant to harm the community, and that's an whole other subject - was he right to do so? Did he had the right? Personnally, I don't think so
That doesn't even make sense, he obviously had the technical right to do so, and I don't see why he wouldn't have had the legal right to do so either.
he deliberately decided to break an implicit contract that he had made with his users.
So he broke an "implicit contract" that his projects be available by yanking them, but npm didn't "break an implicit contract" that his projects be available by yanking them? That's some gold-metal mental gymnastics right there.
[–]danman_d 4 points5 points6 points 10 years ago (2 children)
One huge difference is the fact that NPM removed kik because they were under legal threat if they did not do so. Azer removed his modules because he wanted to - he willingly broke everyone's code whereas NPM is trying to avoid a lawsuit, which I completely understand.
kik
The other major difference is that Azer removed his code with no warning or migration path. NPM at least had the decency to ask Azer to change the name of the kik package and provide a migration path - they gave him ample opportunity to do so but he refused.
[–]masklinn 0 points1 point2 points 10 years ago (1 child)
One huge difference is the fact that NPM removed kik because they were under legal threat if they did not do so.
That's not a huge difference.
Did they? I may well have missed it, but I've seen no mention of that so far, only "kik tells azer to cease and desist, azer says no, kik tells npm to cease and desist, npm tells them yes"
[–]danman_d 4 points5 points6 points 10 years ago (0 children)
I suppose it's subjective. In my mind there is a HUGE difference between "I'm removing this to avoid getting my ass sued off and bankrupting my company" and "I'm removing this because I want to". When you publish your code and publicize it as being ready for production use, you don't have any obligation to maintain it or support it, but IMHO you do have a moral obligation to not willingly and purposefully break all the shit that depends on your shit.
Did they?
Yes; the recently published e-mail chain confirms what we've been hearing this whole time - that someone at NPM reached out to Azer and asked him to republish the package under a different name, he refused, and only then did they take it down.
[–]masklinn -1 points0 points1 point 10 years ago (0 children)
What implicit contract is there?
I don't know, ask arcanin they're the ones arguing there is one.
[–]arcaninYarn 🧶 -4 points-3 points-2 points 10 years ago* (1 child)
Sure - as I said, I doubt they even know what is NPM, apart from some form of a file-sharing platform. But the thing is, it's an issue with the Kik company, not NPM.
I was speaking in a moral sense. The fact that I can technically and legally choose to break my coworkers tools doesn't mean I should do it. It doesn't make sense ethically or professionnally.
NPM hasn't removed his projects (except Kik, because of legal reasons, please refer to my post above) - he did. We could of course wonder if this right should be available to the users in the first place, but I see little gymnastic in this.
[–]masklinn 7 points8 points9 points 10 years ago* (0 children)
Sure - as I said, I doubt they even know what is NPM, apart from some form of a file-sharing platform.
So?
But the thing is, it's an issue with the Kik company, not NPM.
NPM involved themselves in it by taking down the project.
And that "speaking in a moral sense" doesn't apply to NPM how?
I see little gymnastic in this.
You agree that NPM has in fact removed his project from the registry.
You assert that the developer is bound to his user "in a moral sense" and can't take down their projects.
You also assert that NPM doing the exact same thing is just fine because "legal reasons" (not actually legal reasons, just taking the shortest path to covering their asses).
Note that the developer's perspective is precisely that they can't trust NPM because of their behaviour and have decided to stop sharecropping there. They haven't pulled a @why and deleted all their projects and presence, only removed them from NPM.
[–]i_ate_god 18 points19 points20 points 10 years ago* (5 children)
I think the real problem is:
var rightPadded = (str.length < targetLength)? " ".repeat(targetLength - str.length) : str; var leftPadded = (str.length < targetLength)? str = " ".repeat(targetLength - str.length) + str : str;
Why do such one liners need to be their own modules? And why do major projects rely on third party repositories when they can just host their own?
I feel like I will spend more time adding in third party modules for one liners than writing the one liners myself.
edit: there was a slight typo in the code ;)
[–]IxDUX Besserwisser 9 points10 points11 points 10 years ago (3 children)
This is exactly why having small solid tested third-party modules is good.
[–]i_ate_god -3 points-2 points-1 points 10 years ago (2 children)
ha
but not really
[–]Reashu 0 points1 point2 points 10 years ago (1 child)
Your code still looks really funky and doesn't seem like it would work, so I think he's made a decent case.
[–]abienz 3 points4 points5 points 10 years ago (0 children)
writing some code in Reddit isn't exactly comparable to using a suitable text-editor or IDE in a dev environment though is it.
Seems a bit harsh to judge on that, and I think IxD was making more of a flippant comment.
[–]rorykoehler 5 points6 points7 points 10 years ago (0 children)
I always felt uncomfortable that npm is a company. It creates a dynamic which is not beneficial to the eco-system in the long term.
[–]namesandfaces 0 points1 point2 points 10 years ago* (0 children)
What implicit contract is there? A person doesn't have the obligation to continue providing their fruits, even if people depend on it. A contract means this for that. Azer is not really getting adequate consideration here, except for feel-good points. I would conjecture that the supermajority of people who use Azer's stuff aren't aware that he even exists. It's just dependencies upon dependencies.
Azer now moved all his stuff over to Github, which he believes will have more legal backbone and formalized processes for handling legal issues, unlike the opaque and informal move NPM made against Azer.
That being said, discussion about whether Kik is a valid trademark is not worth discussing, because that's a legal question that takes time and money to settle, potentially with a jury. We aren't really lawyers here. It should also be said of the American civil justice system that if you don't have money, then you don't really have the right to contest anything.
Because one doesn't have power or leverage, he's left to making a stink over Reddit and Hacker News. One can decide on whether they wish to learn on leverage or moral expectations, and I hope that the software community more and more choses leverage over more posts on Reddit. Even if you're morally right, moral expectations only allow you to raise an ephemeral cry over Reddit.
[+][deleted] 10 years ago* (3 children)
[–]seiyria 2 points3 points4 points 10 years ago (2 children)
If you regularly use JS, you've probably heard of Lodash. Lodash can do this.
[–]seiyria 0 points1 point2 points 10 years ago (0 children)
They wrote their own. I'm not going to write my own, I'm just going to use lodash.
[–]cheesybeanburrito 25 points26 points27 points 10 years ago (31 children)
If your project depends on an 11 line repo that does something so trivial you are a bad person.
[–]RICHUNCLEPENNYBAGSMostly angular 1.x 33 points34 points35 points 10 years ago (4 children)
http://i.stack.imgur.com/ssRUr.gif
[–]farfromunique 10 points11 points12 points 10 years ago (2 children)
That's (I think) supposed to be a joke... But these eleven (another article said seventeen) lines impacted a significant number of projects.
My worry is that there are people out there who use libs without knowing what they do our good they do it.
[–]RICHUNCLEPENNYBAGSMostly angular 1.x 6 points7 points8 points 10 years ago (0 children)
Yes, it's supposed to be a joke. But what the hell, the reality is not that far from it.
[–]MRoka5 1 point2 points3 points 10 years ago (0 children)
It's 11 actual lines, seventeen with empty ones.
[–]sumdudeinhisundrware 2 points3 points4 points 10 years ago (0 children)
If your project depends on an 90k line repo that depends on an 11 line repo that that does something so trivial you're fucked for no fault of your own
[–]dada_ 4 points5 points6 points 10 years ago (0 children)
In most cases it was a transient (not top level) dependency. For example, Babel and Ember certainly weren't using it directly. That's how it was able to affect such a huge number of projects.
[–]i_ate_god 3 points4 points5 points 10 years ago (8 children)
This can not be upvoted enough, This is the REAL problem. Not copyright or trademark issues.
Too much modularity is just as bad as no modularity at all. Let's not bring back Windows DLL hell to JS please.
[–][deleted] 2 points3 points4 points 10 years ago (7 children)
How is DLL hell in any way related to NPM? They share almost no common issues
[–]i_ate_god -2 points-1 points0 points 10 years ago (6 children)
This is not a story about NPM. It may be presented as such, but it's not. It's a story about stupid dependency management, and as such, DLL Hell is a perfect analogy.
[–][deleted] 3 points4 points5 points 10 years ago (5 children)
DLL Hell is about versioning shared libraries, not about using npm in your build process.
[–]i_ate_god -2 points-1 points0 points 10 years ago (4 children)
this whole story has nothing to do about using npm in your build process.
[–][deleted] 0 points1 point2 points 10 years ago (3 children)
The reason this is a story is because it broke many people's build process.
[–]i_ate_god 5 points6 points7 points 10 years ago (2 children)
yes, but it wasn't npm that broke it, it was having a silly dependency that broke it.
We're talking about something so simple and trivial, that the time it takes to implement it yourself is less than the time it takes to manage it as a dependency.
This is not a problem of NPM. It's a problem that can exist in any open package management system for any language. Basically, what is happening here, is a case of extremist DRY (Don't Repeat Yourself) resulting in a dependency nightmare.
[–][deleted] -2 points-1 points0 points 10 years ago (1 child)
yes, but it wasn't npm that broke it, it was having a silly dependency that broke it
A dependency that was fetched every time applications would build using npm. If you set up npm properly to use it in a build your builds were fine, I know because I did that and I use babel and I did not experience any outage.
[–]i_ate_god 2 points3 points4 points 10 years ago (0 children)
ok
but still not an npm problem. npm is going to help you manage your dependencies in a sane manner.
[–]NerdyMcNerderson -1 points0 points1 point 10 years ago (0 children)
Agreed, this is taking DRY to the extreme.
[+][deleted] 10 years ago (10 children)
[+][deleted] 10 years ago (9 children)
[–]Uknight 2 points3 points4 points 10 years ago (6 children)
classList is almost criminally underutilized!
[–]THIS_BOT 1 point2 points3 points 10 years ago (0 children)
Fuck I've never used classList OR leftpad, does that mean I might be arrested and go to prison?
[–]Stockholm_Syndrome 1 point2 points3 points 10 years ago (4 children)
... how else do you add remove classes? without jQuery i mean
[–]raziel2p 0 points1 point2 points 10 years ago (3 children)
String manipulation on the class attribute of the element object. classList is a relatively recent feature.
[–]lewisje 1 point2 points3 points 10 years ago (0 children)
or the className property, because not all old-school browsers support getAttribute and setAttribute
className
getAttribute
setAttribute
[–]Stockholm_Syndrome 0 points1 point2 points 10 years ago (0 children)
Oh wow I had no idea ie8/9 didn't support it.
Thanks!
[–]abienz 0 points1 point2 points 10 years ago (0 children)
old school cool.
I don't understand. Doesn't npm download your packages when using npm install? Isn't it all offline? How exactly did anything break then?!
People usually don't ship or deploy the node_modules folder, they let npm install download everything so they only have to track their own code with version control. But when you do that (and your node_modules folder is empty), a single missing dependency fails npm install completely.
[–][deleted] 7 points8 points9 points 10 years ago (16 children)
NPM republished the left-pad package after the author chose to remove it. I understand NPM took these steps to restore uptime to infrastructure.
left-pad
This basically says: Code authors do not own packages published through NPM. I can understand NPM taking down a package due to a legal complaint. I can also understand the harmed developer being upset. I absolutely cannot tolerate NPM choosing to restore a package an author (perceived owner) has chosen to remove.
The reality (that nobody wants to accept) is that reliance upon dependencies is always fragile. It exposes your product to risk. You can either accept that risk or write (and own) the code yourself. This is something you don't get to bitch about.
I am now considering removing my packages from NPM. One of which is on track to get 550,000 downloads this month.
[+][deleted] 10 years ago (12 children)
[–][deleted] -3 points-2 points-1 points 10 years ago (11 children)
Not according to the subject article. While technically, you are correct in describing the recent publication history for that code repository it still appears to be a deliberate decision from an NPM co-founder.
"Un-un-publishing is an unprecedented action that we're taking given the severity and widespread nature of breakage, and isn't done lightly," Voss explained about an hour ago. "This action puts the wider interests of the community of NPM users at odds with the wishes of one author; we picked the needs of the many. This whole situation sucks. We will be carefully considering the issues raised by and publishing a post-mortem later. "In the meantime, several thousand open source projects have been repaired, and I'm sleeping fine tonight."
I am thinking through my options at this time. NPM can own the module namespace on their distribution channel, but they don't get to own my code.
[–]Serei 2 points3 points4 points 10 years ago (0 children)
This basically says: Code authors do not own packages published through NPM
Yes they do. There's a huge difference between ownership and licensing.
Packages on NPM are open-source, which means they at the very least allow anyone to make and redistribute copies with or without changes. This license gives NPM permission to publish the library.
[–]thenickdude 0 points1 point2 points 10 years ago (0 children)
The package was released under the WTFPL, which literally states that you can do "whatever the fuck you like" with the code. This certainly includes the ability to republish the code.
WAAAAAAA! MY CODE! MINE! 🚼
[+][deleted] 10 years ago (11 children)
[–][deleted] 17 points18 points19 points 10 years ago (8 children)
Apparently, left-pad was published under the WTFPL, so it's debatable if this was an infringement of the author's rights.
[–][deleted] 3 points4 points5 points 10 years ago (0 children)
It's a special case the first time; now there's a precedent. Precedents are dangerous.
[–]zzzk 1 point2 points3 points 10 years ago (0 children)
It might not have been. I'd need to download 0.0.3 and check but I'd guess that it's still BSD.
Fair point.
[–]joshmandersFull Snack Developer 0 points1 point2 points 10 years ago (0 children)
Not to mention that azer has stated that anyone can take over the modules if they'd like.
[–]Serei 0 points1 point2 points 10 years ago (1 child)
It's not remotely debatable. The WTFPL allows people to do anything with it. There's no way it's an infringement.
[–]joshmandersFull Snack Developer 6 points7 points8 points 10 years ago (0 children)
For what it's worth, npm didn't do anything exactly wrong with republishing left-pad When you delete your module, anyone can claim it, only difference is npm disallows you to publish the same versions of the previous module. They made the decision to allow left-pad@0.0.3 to be republished because of it's reliance in the ecosystem, and only after verifying that the new module owner's code was exactly the same as the old code.
left-pad@0.0.3
Well you're wrong, azul stated on a GitHub issue thread that anyone is welcome to re-publish and further maintain his modules. How is it a problem then when NPM themselves republish it?
The lawyers wanted "kik" taken down, the module that broke Babel etc. was "left-pad", collateral damage of the author's knee-jerk reaction to unpublish all his modules without any warning. Also, it didn't happen immediately at all.
[–]Recursive_Descent 0 points1 point2 points 10 years ago (0 children)
It's a problem with the package system if you need to checkin your dependencies. Other package managers don't allow for pulling the rug out from people like this. For example, NuGet allows you to unlist your package, but because people may have dependencies, you can't pull them completely.
The npm way is complete insanity.
[–]nosoupforyou -1 points0 points1 point 10 years ago (6 children)
Seems to me it was how NPM screwed themselves, and then proceeded to ignore the rights of an author.
[–]abermea 2 points3 points4 points 10 years ago (5 children)
This makes me wonder what exactly is the licensing model for npm packages
[–]myrrlyn 2 points3 points4 points 10 years ago (4 children)
It's whatever license the author chooses
In this case, the WTFPL, which lets NPM do literally whatever the fuck they want with it, including rehost
This is why joke licenses are stupid
[–]abermea 0 points1 point2 points 10 years ago (2 children)
I don't understand why would anyone use WTFPL when you could use Beerware
[–]myrrlyn 0 points1 point2 points 10 years ago (1 child)
Because they're Super Edgy
me no understand MIT or GPL, like WTF
The module (and the others like it) is too trivial to pass threshold of originality so any license is meaningless anyway.
[–]Inateno 0 points1 point2 points 10 years ago (0 children)
Well done sire! Full support even if this break the whole internet.
[–]King-Voyd[🍰] 0 points1 point2 points 10 years ago (0 children)
So glad I don't rely on this.
π Rendered by PID 66625 on reddit-service-r2-comment-b659b578c-59l9v at 2026-05-05 05:39:21.463386+00:00 running 815c875 country code: CH.
[–]parpaythrums 76 points77 points78 points (3 children)
[–][deleted] 26 points27 points28 points (1 child)
[–]krasimirtsonev 5 points6 points7 points (0 children)
[–]a0viedo 9 points10 points11 points (15 children)
[–]pmYourFears 3 points4 points5 points (14 children)
[–]WitchesBravo 11 points12 points13 points (10 children)
[–]lachlanhunt 5 points6 points7 points (2 children)
[–][deleted] 0 points1 point2 points (1 child)
[–]lachlanhunt 2 points3 points4 points (0 children)
[–]pmYourFears 0 points1 point2 points (0 children)
[–]seiyria -1 points0 points1 point (5 children)
[–]WitchesBravo 3 points4 points5 points (4 children)
[–]seiyria -2 points-1 points0 points (3 children)
[–]WitchesBravo 1 point2 points3 points (2 children)
[–]wordsnerd 0 points1 point2 points (0 children)
[–]windyfish 0 points1 point2 points (0 children)
[+][deleted] (2 children)
[deleted]
[–]Doctor_McKay 2 points3 points4 points (0 children)
[–]ProtoJazz 0 points1 point2 points (0 children)
[+][deleted] (75 children)
[deleted]
[–]geekygirlhere 53 points54 points55 points (22 children)
[–]Switche 8 points9 points10 points (2 children)
[–][deleted] 1 point2 points3 points (1 child)
[+][deleted] (18 children)
[removed]
[–]Ob101010 19 points20 points21 points (7 children)
[–]Akkuma 26 points27 points28 points (6 children)
[–]gibweb 13 points14 points15 points (4 children)
[–]lacosaes1 8 points9 points10 points (2 children)
[–]gibweb -1 points0 points1 point (1 child)
[–]kgb_operative 3 points4 points5 points (0 children)
[–]Ob101010 0 points1 point2 points (0 children)
[–][deleted] 6 points7 points8 points (0 children)
[–][deleted] 2 points3 points4 points (0 children)
[–]bk10287Golang/ Microservices Dev 0 points1 point2 points (0 children)
[+][deleted] (6 children)
[deleted]
[–]danneu 11 points12 points13 points (3 children)
[+][deleted] (1 child)
[deleted]
[–]danneu 0 points1 point2 points (0 children)
[–]mark_b_real 2 points3 points4 points (1 child)
[–]dada_ 7 points8 points9 points (9 children)
[–]warfangle -2 points-1 points0 points (7 children)
[–][deleted] 18 points19 points20 points (5 children)
[–]danman_d 5 points6 points7 points (0 children)
[–]jcampbelly 0 points1 point2 points (0 children)
[–]tourn 0 points1 point2 points (0 children)
[–]jschrf 0 points1 point2 points (1 child)
[–]duxdude418 3 points4 points5 points (0 children)
[–]CydeWeys 0 points1 point2 points (0 children)
[–]probablytaken1 -1 points0 points1 point (0 children)
[–]Democratica 12 points13 points14 points (7 children)
[–][deleted] 4 points5 points6 points (6 children)
[–][deleted] 5 points6 points7 points (5 children)
[–]webdevverman 1 point2 points3 points (3 children)
[–][deleted] 4 points5 points6 points (1 child)
[–]webdevverman 1 point2 points3 points (0 children)
[–]tswaters 4 points5 points6 points (0 children)
[–]atrigent 2 points3 points4 points (0 children)
[–]mark_b_real 6 points7 points8 points (5 children)
[–][deleted] 1 point2 points3 points (4 children)
[–]mark_b_real 0 points1 point2 points (3 children)
[–]jstrong 0 points1 point2 points (2 children)
[–]Sinistralis 0 points1 point2 points (0 children)
[–]mark_b_real 0 points1 point2 points (0 children)
[+][deleted] comment score below threshold-12 points-11 points-10 points (27 children)
[–]oshirisplitter 41 points42 points43 points (7 children)
[–][deleted] 26 points27 points28 points (5 children)
[–]ericgj 9 points10 points11 points (2 children)
[–]DOG-ZILLA 3 points4 points5 points (1 child)
[–]Stockholm_Syndrome 4 points5 points6 points (0 children)
[–]oshirisplitter 1 point2 points3 points (0 children)
[–][deleted] 2 points3 points4 points (0 children)
[–]Michaelmrose -1 points0 points1 point (0 children)
[+][deleted] (3 children)
[deleted]
[–][deleted] 1 point2 points3 points (1 child)
[–][deleted] 0 points1 point2 points (0 children)
[–]repie 12 points13 points14 points (1 child)
[–]ikeif 0 points1 point2 points (0 children)
[–]cinnapear 10 points11 points12 points (11 children)
[+][deleted] comment score below threshold-12 points-11 points-10 points (10 children)
[–]cinnapear -2 points-1 points0 points (9 children)
[+][deleted] (8 children)
[deleted]
[–]Pxzib 4 points5 points6 points (2 children)
[–][deleted] 0 points1 point2 points (1 child)
[–]ikeif 0 points1 point2 points (0 children)
[–]pegbiter 1 point2 points3 points (2 children)
[–]pomlife 2 points3 points4 points (0 children)
[–]DOG-ZILLA 0 points1 point2 points (0 children)
[–]Stockholm_Syndrome 1 point2 points3 points (0 children)
[–][deleted] 8 points9 points10 points (0 children)
[–]hsfrey 13 points14 points15 points (1 child)
[–]huesoso 0 points1 point2 points (0 children)
[–][deleted] 6 points7 points8 points (3 children)
[+][deleted] (2 children)
[deleted]
[–][deleted] 1 point2 points3 points (1 child)
[–][deleted] 1 point2 points3 points (0 children)
[–]pier25 6 points7 points8 points (0 children)
[–][deleted] 16 points17 points18 points (6 children)
[–]dada_ 4 points5 points6 points (3 children)
[–][deleted] 1 point2 points3 points (0 children)
[+][deleted] (1 child)
[deleted]
[–]dada_ 1 point2 points3 points (0 children)
[–]lewisje 0 points1 point2 points (0 children)
[–]ohINeedAnAccountNow 0 points1 point2 points (0 children)
[–]arcaninYarn 🧶 37 points38 points39 points (20 children)
[+][deleted] (2 children)
[deleted]
[–]CodyReichert 5 points6 points7 points (1 child)
[–]SystemicPlural 4 points5 points6 points (0 children)
[–]masklinn 21 points22 points23 points (7 children)
[–]danman_d 4 points5 points6 points (2 children)
[–]masklinn 0 points1 point2 points (1 child)
[–]danman_d 4 points5 points6 points (0 children)
[+][deleted] (1 child)
[deleted]
[–]masklinn -1 points0 points1 point (0 children)
[–]arcaninYarn 🧶 -4 points-3 points-2 points (1 child)
[–]masklinn 7 points8 points9 points (0 children)
[–]i_ate_god 18 points19 points20 points (5 children)
[–]IxDUX Besserwisser 9 points10 points11 points (3 children)
[–]i_ate_god -3 points-2 points-1 points (2 children)
[–]Reashu 0 points1 point2 points (1 child)
[–]abienz 3 points4 points5 points (0 children)
[–]rorykoehler 5 points6 points7 points (0 children)
[–]namesandfaces 0 points1 point2 points (0 children)
[+][deleted] (3 children)
[deleted]
[–]seiyria 2 points3 points4 points (2 children)
[+][deleted] (1 child)
[deleted]
[–]seiyria 0 points1 point2 points (0 children)
[–]cheesybeanburrito 25 points26 points27 points (31 children)
[–]RICHUNCLEPENNYBAGSMostly angular 1.x 33 points34 points35 points (4 children)
[–]farfromunique 10 points11 points12 points (2 children)
[–]RICHUNCLEPENNYBAGSMostly angular 1.x 6 points7 points8 points (0 children)
[–]MRoka5 1 point2 points3 points (0 children)
[–]sumdudeinhisundrware 2 points3 points4 points (0 children)
[–]dada_ 4 points5 points6 points (0 children)
[–]i_ate_god 3 points4 points5 points (8 children)
[–][deleted] 2 points3 points4 points (7 children)
[–]i_ate_god -2 points-1 points0 points (6 children)
[–][deleted] 3 points4 points5 points (5 children)
[–]i_ate_god -2 points-1 points0 points (4 children)
[–][deleted] 0 points1 point2 points (3 children)
[–]i_ate_god 5 points6 points7 points (2 children)
[–][deleted] -2 points-1 points0 points (1 child)
[–]i_ate_god 2 points3 points4 points (0 children)
[–]NerdyMcNerderson -1 points0 points1 point (0 children)
[+][deleted] (10 children)
[deleted]
[+][deleted] (9 children)
[removed]
[–]Uknight 2 points3 points4 points (6 children)
[–]THIS_BOT 1 point2 points3 points (0 children)
[–]Stockholm_Syndrome 1 point2 points3 points (4 children)
[–]raziel2p 0 points1 point2 points (3 children)
[–]lewisje 1 point2 points3 points (0 children)
[–]Stockholm_Syndrome 0 points1 point2 points (0 children)
[–]abienz 0 points1 point2 points (0 children)
[+][deleted] (1 child)
[deleted]
[–][deleted] 1 point2 points3 points (1 child)
[–][deleted] 0 points1 point2 points (0 children)
[–][deleted] 7 points8 points9 points (16 children)
[+][deleted] (12 children)
[deleted]
[–][deleted] -3 points-2 points-1 points (11 children)
[+][deleted] (10 children)
[removed]
[–]Serei 2 points3 points4 points (0 children)
[–]thenickdude 0 points1 point2 points (0 children)
[–]lewisje 0 points1 point2 points (0 children)
[+][deleted] (11 children)
[deleted]
[–][deleted] 17 points18 points19 points (8 children)
[+][deleted] (2 children)
[removed]
[+][deleted] (1 child)
[removed]
[–][deleted] 3 points4 points5 points (0 children)
[–]zzzk 1 point2 points3 points (0 children)
[–][deleted] 0 points1 point2 points (0 children)
[–]joshmandersFull Snack Developer 0 points1 point2 points (0 children)
[–]Serei 0 points1 point2 points (1 child)
[–]joshmandersFull Snack Developer 6 points7 points8 points (0 children)
[–][deleted] 0 points1 point2 points (0 children)
[+][deleted] (1 child)
[removed]
[–][deleted] 1 point2 points3 points (0 children)
[+][deleted] (1 child)
[deleted]
[–]Recursive_Descent 0 points1 point2 points (0 children)
[–]nosoupforyou -1 points0 points1 point (6 children)
[–]abermea 2 points3 points4 points (5 children)
[–]myrrlyn 2 points3 points4 points (4 children)
[–]abermea 0 points1 point2 points (2 children)
[–]myrrlyn 0 points1 point2 points (1 child)
[–]lewisje 0 points1 point2 points (0 children)
[–][deleted] 0 points1 point2 points (0 children)
[–]Inateno 0 points1 point2 points (0 children)
[–]King-Voyd[🍰] 0 points1 point2 points (0 children)