The Dangers of Using Code You Don't Control

The Events

What happened

The Drama

The Developer's Take

Kik's Side of Things

NPM's Take

The Reaction Blog Post With Some Good Points And An Aggressive Title Published After Any Major Tech Event

What Are We Even Talking About

What is NPM

A Tutorial on Using NPM


Checks for Understanding

Fork this Gist and Respond to the Following Questions

  • In broad strokes, summarize the event
    • A company called Kik wanted to publish a package on NPM using their name, which they have copyrighted, but another user, Azer, had already published a package under that same name. Kik approached Azer about changing names, but he refused, so Kik approached the folks at NPM. NPM followed their own documented procedures and gave ownership of the name to the company Kik. Azer wasn't very pleased about this, so he pulled all of his packages from NPM. One of these packages, left-pad, was a dependency that many other projects were relying upon, and a whole bunch of stuff broke for a time because Azer pulled the package without any warning.
  • How do NPM and RubyGems relate?
    • NPM and RubyGems are very similar in purpose. They are both tools that allow users to share and use code that someone else has written for a particular purpose. Both are open source. NPM shares JavaScript "packages" and RubyGems shares Ruby "gems".
  • What is left-pad and why is it used?
    • left-pad is a small package (11 lines of code) that pads out the left side of strings with zeros or spaces.

Observing

  • Go through some past projects you've worked on and look through the gemfiles.

  • Pick three gems - try to pick a combination of obscure gems and ones you use on every project

  • List them with links to their Github repos here

    1. Faker
    • What does this Gem generally do?
      • Basically this gem provides fake data - whether it is to seed a db or to easily provide data for testing.
    • When is the date of the last commit?
      • Last commit - Feb 23, 2016
    • How many open issues does it have?
      • 51 open issues
    • Link to one piece of code or a file you understand
      • def alcohol - This should be self explanatory...It randomly generates an alcohol content number between 2.0 and 10.0.
    • Link to one piece of code or a file you don't understand at all?
      • array.rb - I'm not really sure what this does...I think it has to do with the size of the collection that a user would like to have returned (n = size)
    • Does it seem reasonable to add this dependency into your code?
      • This gem is incredibly useful to generate semi-real but random data. It does seem that it is being worked on regularly, so I would make the decision to include it in a project, but if it weren't I would probably try to find an alternative tool.
    2. Geocoder
    • What does this Gem generally do?
      • Allows conversion of addresses to latitudes and longitude and in the reverse direction. It also says that it can support distance queries, but I haven't worked with that side of the gem.
    • When is the date of the last commit?
      • Last commit - Mar 18, 2016
    • How many open issues does it have?
      • 22 open issues
    • Link to one piece of code or a file you understand
      • bing.rb - It looks like this class has methods that return specific pieces of data from an @data hash. I assume they are for the Bing API.
    • Link to one piece of code or a file you don't understand at all?
    • Does it seem reasonable to add this dependency into your code?
      • This is a fun gem to use and incredibly useful if you are creating an application that has to do with geolocation. It appears to be worked on regularly and has half the number of issues that Faker does. I wouldn't hesitate to use it if my project required it.
    3. Capybara
    • What does this Gem generally do?
      • Allows a developer to test a web application in a similar manner that a real user would use the app.
    • When is the date of the last commit?
      • Last commit - Mar 19, 2016
    • How many open issues does it have?
      • 21 open issues
    • Link to one piece of code or a file you understand
      • node.rb - It looks like this class returns errors for different Capy actions - but I'm not entirely sure where they are called.
    • Link to one piece of code or a file you don't understand at all?
      • session.rb - This sets a few arrays as class variables, and then calls upon a driver method, but I'm not really sure what the driver is in relation to this class.
    • Does it seem reasonable to add this dependency into your code?
      • For feature/integration tests, this gem is very useful (if not required). It appears to be fairly well maintained with a large number of commits and small number of open issues.
  • What are some factors you consider when adding dependencies to your projects?

    • I would look at how frequently the commits are, how many people are involved in currently maintaining the code, and how many issues there are, along with how often they seem to be addressed.
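The factors listed above (commit activity, maintainers, open issues) are about the health of a gem you chose. The left-pad event shows a second question worth asking: which gems in a project were never chosen at all, but arrived as dependencies of dependencies, and which chosen gems have no version constraint, so a surprise upstream change or removal lands unchecked. The script below is an added example, not part of the original gist or of any project it mentions. It reads a Gemfile and a Gemfile.lock and reports, for every resolved gem, whether it is a direct or transitive dependency, what pulls it in, and whether a direct gem is left unpinned. Both input files are constructed samples with made-up version numbers; the parsing covers only the `gem "name", "constraint"` and `specs:` layouts shown, not every Bundler feature.

```ruby
# Added example (not from the gist or any project it mentions): audit a
# Gemfile/Gemfile.lock pair for transitive and unpinned dependencies.
# Both files below are constructed samples; versions are made up.

GEMFILE = <<~GEMFILE
  source "https://rubygems.org"

  gem "faker", "~> 1.6"
  gem "geocoder"
  gem "capybara", ">= 2.6.0"
GEMFILE

GEMFILE_LOCK = <<~LOCK
GEM
  remote: https://rubygems.org/
  specs:
    addressable (2.4.0)
    capybara (2.6.2)
      addressable
      mime-types (>= 1.16)
      nokogiri (>= 1.3.3)
      rack (>= 1.0.0)
      rack-test (>= 0.5.4)
      xpath (~> 2.0)
    faker (1.6.3)
      i18n (~> 0.5)
    geocoder (1.3.1)
    i18n (0.7.0)
    mime-types (3.0)
    nokogiri (1.6.7.2)
    rack (1.6.4)
    rack-test (0.6.3)
    xpath (2.0.0)

PLATFORMS
  ruby

DEPENDENCIES
  capybara (>= 2.6.0)
  faker (~> 1.6)
  geocoder
LOCK

# Parse `gem "name"[, "constraint"]` lines into {name => constraint or nil}.
def parse_gemfile(text)
  text.each_line.with_object({}) do |line, deps|
    next unless (m = line.match(/^\s*gem\s+["']([^"']+)["'](?:\s*,\s*["']([^"']+)["'])?/))
    deps[m[1]] = m[2]
  end
end

# Parse the `specs:` block of a Gemfile.lock into
# {name => {version:, deps: [names]}}. Resolved gems sit at 4 spaces of
# indentation, each gem's own dependencies at 6; a blank line ends the block.
def parse_lockfile(text)
  specs = {}
  current = nil
  in_specs = false
  text.each_line do |line|
    if line =~ /^\s*specs:\s*$/
      in_specs = true
      next
    end
    break if in_specs && line.strip.empty?
    next unless in_specs
    if (m = line.match(/^    (\S+) \(([^)]+)\)\s*$/))
      current = m[1]
      specs[current] = { version: m[2], deps: [] }
    elsif current && (m = line.match(/^      (\S+)/))
      specs[current][:deps] << m[1]
    end
  end
  specs
end

# One report row per resolved gem: is it named in the Gemfile (direct),
# is a direct gem missing a version constraint (unpinned), and which
# resolved gems require it (required_by).
def audit(gemfile_text, lock_text)
  direct = parse_gemfile(gemfile_text)
  specs = parse_lockfile(lock_text)
  required_by = Hash.new { |h, k| h[k] = [] }
  specs.each { |name, s| s[:deps].each { |d| required_by[d] << name } }
  specs.map do |name, s|
    { name: name, version: s[:version], direct: direct.key?(name),
      unpinned: direct.key?(name) && direct[name].nil?,
      required_by: required_by[name].sort }
  end
end

# Gems the project never chose: they arrive only through other gems, which
# is the position left-pad's dependents were in.
def transitive_only(report)
  report.reject { |r| r[:direct] }.map { |r| r[:name] }
end

# Direct gems with no version constraint, so any upstream release is accepted.
def unpinned_direct(report)
  report.select { |r| r[:unpinned] }.map { |r| r[:name] }
end

if __FILE__ == $PROGRAM_NAME
  audit(GEMFILE, GEMFILE_LOCK).each do |r|
    kind = if r[:direct]
             r[:unpinned] ? "direct, UNPINNED" : "direct"
           else
             "transitive via #{r[:required_by].join(', ')}"
           end
    puts format("%-12s %-8s %s", r[:name], r[:version], kind)
  end
end
```

On the sample input the report shows three direct gems, one of them (geocoder) with no constraint, and seven gems the Gemfile never names. Those seven are the ones to look up with the same questions asked of Faker, Geocoder and Capybara above, since a problem in any of them breaks the project just as surely as a problem in a gem that was chosen deliberately.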

Challenge Level Understanding (OPTIONAL but cool)

Building
