EclipseCon - Eclipse Foundation

An Illustration of Javascript Dependency Hell using left-pad

Session details
Status: Accepted
Speaker(s): Marc Dumais (Ericsson AB)
Experience level: Beginner
Tags: JavaScript, npm
Session Track: Other Cool Stuff
Session Type: Standard

In the JavaScript ecosystem, it's part of the culture to enthusiastically reuse existing packages made by others in one's own work rather than reinventing the wheel. This means that, on average, an npm package has several production dependencies as well as several build/test (dev-)dependencies. For a big application or a framework, this can result in pulling in a large number of direct dependencies, which in turn have their own dependencies, and so on, forming an unexpectedly deep and wide dependency tree that someone has to manage (FOSS compliance, security flaw management, ...).

left-pad (1) is an npm package with a payload of 11 lines of JavaScript code. When it was unexpectedly unpublished from npm in 2016, the result was described as "having broken the internet" (2). left-pad has no runtime dependencies and a few dev-dependencies. However, many important packages depended on it, directly or not, and broke when it disappeared.

As a thought experiment, we'll scope the fictional task of rebuilding and testing left-pad from scratch, including all its recursive runtime and test dependencies, using only dependencies that we have built and tested from scratch ourselves, all the way down the dependency tree. How big an effort would that be? Would we need to rebuild e.g. 10, 100 or maybe 10000 packages or more before we can finally make and test our very own left-pad package, using no npm package built by someone else?

Come see this talk and find out!

1. https://www.npmjs.com/package/left-pad
2. https://qz.com/646467/how-one-programmer-broke-the-internet-by-deleting-...

Objective of the presentation: Educate about one aspect of the JavaScript ecosystem: "Dependencies, dependencies and dependencies!". It's not like Java at all!
Attendee pre-requisites: N/A

Schedule info
Time: 28 Oct 2021 - 16:50 to 28 Oct 2021 - 17:20
Room: Room 3
EclipseCon is brought to you by The Eclipse Foundation with the support of our sponsors.