Code You Don't Control (WITH A GEM, UGHHHH!) - SteveO Responses

Checks for Understanding

Fork this Gist and Respond to the Following Questions

  • In broad strokes, summarize the event

    • A developer had released several packages on NPM that many programs used as a dependency, including major stuff like Babel. One of these packages was basically a simple formatting function called Kik. A large messaging company has that same name, and wanted to release a package called 'Kik'. They contacted the developer and offered compensation if he changed the name, lawyers at his door if he didn't. He refused, and pulled all of his packages from NPM, breaking many dependent programs in the process. NPM decided for the first time to un-unpublish a module.
  • How do NPM and RubyGems relate?

    • In my mind they are equivalent in their basic idea: allowing developers to create and offer for reuse packages of code with some specific functionality. It sounds like NPM might have more of a focus on very small packages. I'd guess that the average RubyGem is larger than the average NPM package, but not sure.
  • What is left-pad and why is it used?

    • left-pad is a tiny 11-line NPM package that just pads out the left side of strings. It's used because, although writing out that same function yourself is easier, installing the package is easier. But that dependency is obviously a risk.

Observing

  • What does this Gem generally do?
    • It creates a very simple process for passing data from a Rails or Sinatra backend to the JavaScript on the front. Basically, you can pass instance variables from a controller to your JS just like you normally do in Rails for passing data to a view.
  • When is the date of the last commit?
    • Jan 2, 2016
  • How many open issues does it have?
    • 23
  • Start looking around the source code
    • Link to one piece of code or a file you understand
      • request.rb
      • This is a simple file that establishes the Gon class, sets an 'env' reader, an 'id' accessor, initializes @gon as a hash, and provides a method for clearing the hash.
    • Link to one piece of code or a file you don't understand at all?
      • rabl.rb
      • This is the 'Rabl' module, but it requires Rabl at the top, and wraps a class that inherits from self. And within the code itself, well I just don't really get what's happening.
  • Does it seem reasonable to add this dependency into your code?
    • It's a fairly large gem, not a simple dependency like the Kik example. I think it makes sense to use in lots of cases because it saves you from having to build out an API just to access your database from the JS. It also has methods that use AJAX so you can update the page without refreshing.
  • What does this Gem generally do?
    • It's an acceptance test framework that lets you write tests in a more natural language that's easier to follow.
  • When is the date of the last commit?
    • Mar 19, 2016
  • How many open issues does it have?
    • 21
  • Start looking around the source code
    • Link to one piece of code or a file you understand
      • title_query.rb
      • This takes in an expected title, normalizes the formatting with REGEX, and has a method to check the title against a node that is passed in. Other methods provide failure and non-failure responses.
    • Link to one piece of code or a file you don't understand at all?
      • cucumber.rb
      • This uses a couple World calls that I don't understand. After that it sets up a JavaScript driver, but I don't understand the basic setup of the file.
  • Does it seem reasonable to add this dependency into your code?
    • Yep, Capybara is a well-known and trusted package that adds a lot of useful functionality. It seems to be somewhat of an industry standard, so I think it's reasonable to use.
  • What does this Gem generally do?

    • It's a simple Rails app configuration gem that sets ENV variables.
  • When is the date of the last commit?

    • July 15, 2015
  • How many open issues does it have?

    • 35
  • Start looking around the source code

    • Link to one piece of code or a file you understand
      • application.rb
      • It's a fairly long file, but it's full of simple methods. It's initialized with a hash, and has methods for parsing, environment settings, and configuration.
    • Link to one piece of code or a file you don't understand at all?
      • cli.js
      • I don't understand a lot of the syntax on this page. There are all these 'method_option' calls, which I haven't seen, and 'alias' and 'desc:' lines.
  • Does it seem reasonable to add this dependency into your code?

    • I think this one is the least necessary of the 3 I looked at, but it's still reasonable to use. None of these are like the 11-line example that we could easily write on our own in 5 minutes.
  • What are some factors you consider when adding dependencies to your projects?

    • Up till now it's mostly been going through the README and seeing if I understand how to use it. I also make sure it hasn't been years since the last update. In the future I'll start weighing the risks of extra dependencies vs the provided functionality.

Challenge Level Understanding (OPTIONAL but cool)

I just released me a gem.

-Fotofetch pulls in images based on a given search query and dimension restrictions.
FOTOFETCH