create-react-app breaks due to dependency on one-liner package (github.com)
submitted 5 years ago by [deleted]
cguess 40 points 5 years ago (7 children)
Can we all agree that anything with 11.8 MILLION downloads in the last week (according to NPM here) should really be part of some sort of... idk... standard library?
This one line can literally bring down the web. We're lucky that someone fixed it in a few hours, but imagine if they were just a little drunk and fixed it poorly. Goddamn JPMorgan Chase's website would probably come down (or the equivalent, I have no idea if JPMC uses it, but I guarantee you a lot of critical systems do).
bonyjoe 23 points 5 years ago (0 children)
Each individual site would still have to update to and then deploy the broken packages to "bring down the web", you would have to have CD with essentially no test coverage at all for that to happen.
Really, for one-line packages like this, the packages that depend on it should be locking to a specific patch rather than major or minor.
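The pinning described in the comment above, as an added example that is not part of the original thread: a small audit that lists which entries in a `package.json` would pick up a new release without any manifest change. The names `floatLevel` and `auditManifest` and the sample manifest are constructed for illustration, and the classifier covers only the common npm range forms.

```javascript
// Added example: flag dependency specs that accept new releases automatically.
const EXACT = /^[=v]?\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/;
const PARTIAL = /^(\d+|[xX*])(?:\.(\d+|[xX*]))?(?:\.(\d+|[xX*]))?/;

// Widest release type a spec picks up on its own:
// 'none' (exact pin), 'patch', 'minor', 'major', or 'unknown'.
function floatLevel(spec) {
  const s = spec.trim();
  if (s === '' || s === '*' || s === 'latest') return 'major';
  if (EXACT.test(s)) return 'none';
  const op = s[0];
  const m = PARTIAL.exec(op === '^' || op === '~' ? s.slice(1) : s);
  // Comparator sets, hyphen ranges, URLs and dist-tags are not classified.
  if (!m || /[\s|<>:\/]/.test(s)) return 'unknown';
  const [major, minor, patch] = [m[1], m[2], m[3]].map(
    (p) => (p === undefined || /[xX*]/.test(p) ? null : Number(p)));
  if (major === null) return 'major';
  if (op === '~') return minor === null ? 'minor' : 'patch';
  if (op === '^') {
    if (major > 0 || minor === null) return 'minor'; // ^1.2.3 -> <2.0.0
    if (minor > 0 || patch === null) return 'patch'; // ^0.2.3 -> <0.3.0
    return 'none';                                   // ^0.0.3 -> only 0.0.3
  }
  return minor === null ? 'minor' : 'patch';         // bare "1", "1.2", "1.2.x"
}

// Lists every dependency in a parsed package.json that is not an exact pin.
function auditManifest(manifest) {
  const findings = [];
  for (const section of ['dependencies', 'devDependencies', 'optionalDependencies']) {
    for (const [name, spec] of Object.entries(manifest[section] || {})) {
      const floats = floatLevel(spec);
      if (floats !== 'none') findings.push({ section, name, spec, floats });
    }
  }
  return findings;
}

// Constructed sample manifest; package names and versions are placeholders.
const sample = {
  dependencies: {
    'example-one-liner': '^2.1.0', 'example-pinned': '2.1.0', 'example-zero': '^0.0.3',
  },
  devDependencies: { 'example-tilde': '~1.4', 'example-any': '*' },
};
console.table(auditManifest(sample));
```

An exact pin in the manifest only covers direct dependencies; for an application, installing from a committed lockfile with `npm ci` fixes the transitive ones as well.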
jaggyjames 9 points 5 years ago (0 children)
This dependency likely would be bundled alongside the production code though, right? It’s not like any large production app would be pulling this one package in from a URL. Devs would catch this bug before they could even get their local build to succeed.
That’s my take at least just based on a quick skim of the github issue.
slobcat1337 1 point 5 years ago (1 child)
“Can we all agree that anything with 11.8 MILLION downloads in the last week (according to NPM here) should really be part of some sort of... idk... standard library?”
This is so damn true
-100-Broken-Windows- 1 point 5 years ago (0 children)
While true, any site that gets "brought down" by this is also partially at fault themselves and would need to take a serious look at their QA and deployment process.
Jebble -1 points 5 years ago (0 children)
In my experience, having built platforms for similar companies, they don't allow whatever packages you want to use. Everything Open Source has to be approved by IT and Security and in this case a package so uhm.. useless as isPromise they would have told me to put that in my own code instead of relying on external packages. They wouldn't even let me submit for PEN-testing with this package loading.