This is the editorial from the latest JavaScript newsletter. You can subscribe here.
In the wake of left-pad-gate, which saw a developer named Azer Koçulu unpublish 250 of his modules from npm, we saw a number of sensationalist headlines proclaiming that 11 lines of JavaScript were responsible for breaking the internet.
What they were referring to, is that one of the modules that Azer yanked (left-pad) was only 11 lines in length, yet was depended upon by a lot of projects (including big names such as Babel and Facebook). Removing this module meant that npm install started failing for any project using it as a dependency.
Azer’s actions raised a number of questions from “Was it really a trademark infringement?” to “Should it be possible to un-publish a module that another project depends on?” — many of which have since been answered as part of the official post-mortem.
Yet this episode also raised a trickier question and one which has since divided opinion. Namely, is it ok to declare a dependency on such a small module, or should we be coding this kind basic functionality ourselves?
Those in favor of writing such functionality from scratch, argue that increasing the number of third-party dependencies in a project, by definition, increases the number of points of potential failure. They claim that functions are not modules, that participants in the npm ecosystem have created a fetish for micro-packages and question if we have all forgotten how to program.
However, those arguing in defense of hyper modular JavaScript claim that size is irrelevant and it’s all about composition. As Sindre Sorhus states:
You make small focused modules for reusability and to make it possible to build larger more advanced things that are easier to reason about.
They question why you would even want to rewrite something like left-pad, citing the extremely small barrier to entry when publishing a package to npm as one of the reasons that npm is outperforming all other package managers in terms of growth.
Personally, I can see both sides of the coin. Sure, small, reusable modules facilitate composition and if you standardize on a dependency (even one as small as left-pad), you can iron out a lot of edge cases and potential bugs. Yet on the other hand, adding third-party dependencies to your code base ad infinitum, will increase your overhead and the scope for things to go wrong.
For me, context is important (for example is it a quick prototype or a production app?). Actively thinking about the modules or libraries you need to include in a project, is a great first step towards building something maintainable.
But what do you think? Let me know below.