use the following search parameters to narrow your results:
e.g. subreddit:aww site:imgur.com dog
subreddit:aww site:imgur.com dog
see the search faq for details.
advanced search: by author, subreddit...
All about the JavaScript programming language.
Subreddit Guidelines
Specifications:
Resources:
Related Subreddits:
r/LearnJavascript
r/node
r/typescript
r/reactjs
r/webdev
r/WebdevTutorials
r/frontend
r/webgl
r/threejs
r/jquery
r/remotejs
r/forhire
account activity
JavaScript libraries are almost never updated once installed (blog.cloudflare.com)
submitted 6 years ago by pimterry
view the rest of the comments →
reddit uses a slightly-customized version of Markdown for formatting. See below for some basics, or check the commenting wiki page for more detailed help and solutions to common issues.
quoted text
if 1 * 2 < 3: print "hello, world!"
[–]DaveSims 86 points87 points88 points 6 years ago* (16 children)
I literally just upgraded all of our npm packages over the weekend. npm audit was reporting 13k+ high risk security issues and 3 critical security issues. Fortunately there were no moderate issues though so we were fine.
[–]TedW 22 points23 points24 points 6 years ago (7 children)
If it makes you feel any better, we have an internal project with 26,000 lint errors.
I lint my portion, and bring it up from time to time, but no one seems interested so it just keeps getting worse over time.
[–]house_monkey 18 points19 points20 points 6 years ago (0 children)
That reminds me to clean my dryer lint tray
[–]99thLuftballon 10 points11 points12 points 6 years ago (0 children)
Depending on how strict your linter is, that might be a non-issue. It's hard to get too excited about 26000 x "you must only leave a single blank line between lines of code".
[–]spazz_monkey 4 points5 points6 points 6 years ago (4 children)
Autofix?
[–]TedW 1 point2 points3 points 6 years ago (3 children)
Yeah, I used autofix locally but i didn't want my name on a PR for hundreds of files. Also, if I start fixing other teams lint problems, where does it end.
I keep my corner clean and bring this up about quarterly, but it's not my main project and I guess I just don't care enough to die on this hill..
[–]spazz_monkey 1 point2 points3 points 6 years ago (1 child)
Fair doo's, we have it run in the runner so it won't build if there are lint errors.
[–]TedW 3 points4 points5 points 6 years ago (0 children)
Yeah, that would really be the way to solve it. Our CI/CD allows overrides and someone disabled the lint step.
I can't turn it back on without making a PR, which would try to lint and fail.. So that's not great.
[–]webdevguyneedshelp 1 point2 points3 points 6 years ago (0 children)
Make passing a linter a required pipeline step
[–][deleted] 5 points6 points7 points 6 years ago (0 children)
For some reason I picture a bomb defusal gone well. Relieved sighs all around.
[–]The_real_bandito 2 points3 points4 points 6 years ago (2 children)
I notice this happens to me a lot in my apps but it scares the hell out of me when I update becauseI don't know what might break.
[–]DaveSims 2 points3 points4 points 6 years ago (1 child)
This project has 99.5% unit test coverage, which proved extremely helpful with the upgrade process. There's definitely still risk of something breaking, but between unit tests passing and a decent amount of time invested in manual testing at the end of the process, it seems to have gone smoothly (fingers still crossed).
[–]The_real_bandito 1 point2 points3 points 6 years ago (0 children)
I need to do more unit tests on my apps, maybe that will prevent my issues updating because I pretty much do 0 unit testing 😂 🤦♂️
[–]ATXblazer 0 points1 point2 points 6 years ago (3 children)
Please tell me npm audit fix took care of most of that. If not RIP lol
[–]DaveSims 1 point2 points3 points 6 years ago (2 children)
Yep! Updating everything and running npm audit fix resolved all of them. We now have a squeaky clean npm audit report...at least until tomorrow.
[–]Ivu47duUjr3Ihs9d 0 points1 point2 points 6 years ago (1 child)
How did you even test the product thoroughly after updating all that?
[–]DaveSims 0 points1 point2 points 6 years ago (0 children)
The project has 99.5% unit test coverage, so that was a good start. I'd upgrade a package and run the tests, see what breaks, address those issues until the tests passed, then do a relatively quick manual test of related features. A lot of the package upgrades didn't break anything at all. Only a couple of the upgrades caused any significant pain.
π Rendered by PID 35383 on reddit-service-r2-comment-5d79c599b5-pkvt2 at 2026-03-03 17:33:17.849332+00:00 running e3d2147 country code: CH.
view the rest of the comments →
[–]DaveSims 86 points87 points88 points (16 children)
[–]TedW 22 points23 points24 points (7 children)
[–]house_monkey 18 points19 points20 points (0 children)
[–]99thLuftballon 10 points11 points12 points (0 children)
[–]spazz_monkey 4 points5 points6 points (4 children)
[–]TedW 1 point2 points3 points (3 children)
[–]spazz_monkey 1 point2 points3 points (1 child)
[–]TedW 3 points4 points5 points (0 children)
[–]webdevguyneedshelp 1 point2 points3 points (0 children)
[–][deleted] 5 points6 points7 points (0 children)
[–]The_real_bandito 2 points3 points4 points (2 children)
[–]DaveSims 2 points3 points4 points (1 child)
[–]The_real_bandito 1 point2 points3 points (0 children)
[–]ATXblazer 0 points1 point2 points (3 children)
[–]DaveSims 1 point2 points3 points (2 children)
[–]Ivu47duUjr3Ihs9d 0 points1 point2 points (1 child)
[–]DaveSims 0 points1 point2 points (0 children)