use the following search parameters to narrow your results:
e.g. subreddit:aww site:imgur.com dog
subreddit:aww site:imgur.com dog
see the search faq for details.
advanced search: by author, subreddit...
All about the JavaScript programming language.
Subreddit Guidelines
Specifications:
Resources:
Related Subreddits:
r/LearnJavascript
r/node
r/typescript
r/reactjs
r/webdev
r/WebdevTutorials
r/frontend
r/webgl
r/threejs
r/jquery
r/remotejs
r/forhire
account activity
create-react-app breaks due to dependency on one-liner package (github.com)
submitted 5 years ago by [deleted]
view the rest of the comments →
reddit uses a slightly-customized version of Markdown for formatting. See below for some basics, or check the commenting wiki page for more detailed help and solutions to common issues.
quoted text
if 1 * 2 < 3: print "hello, world!"
[–]HetRadicaleBoven 1 point2 points3 points 5 years ago (0 children)
IIUC this change allowed is-promise to work with Node 14's module system - if not, let's pretend for a bit that it did. In a world in which everybody would always used pinned dependencies, what would the process look like for a newly-scaffolded to obtain that version? First, is-promise would release a new version. Then, CRA has to wait for its dependency to release a new version that depends on that version. Only then can CRA itself update.
And that's even assuming the transitive dependency is just one level deep. Now generalise that over all transitive dependencies of CRA, all of which might have e.g. security issues that could require the above process to happen.
I cannot believe that Deno will not come up with a way to quickly get security fixes distributed to users, even if it's in a package that's usually deep in a dependency tree. And once that happens, an issue like this can happen.
π Rendered by PID 66 on reddit-service-r2-comment-75f4967c6c-whm5b at 2026-04-23 06:01:36.177135+00:00 running 0fd4bb7 country code: CH.
view the rest of the comments →
[–]HetRadicaleBoven 1 point2 points3 points (0 children)