The Dangers of Using Code You Don't Control

The Events

What happened

The Drama

The Developer's Take

Kik's Side of Things

NPM's Take

The Reaction Blog Post With Some Good Points And An Aggressive Title Published After Any Major Tech Event

What Are We Even Talking About

What is NPM

A Tutorial on Using NPM


Checks for Understanding

Fork this Gist and Respond to the Following Questions

  • In broad strokes, summarize the event
    • In retaliation over a disagreement about legal naming issues, a crucial (albeit rather small) section of code was removed from the NPM database, and consequently codebases that relied on this dependency broke, hard. Some of the major frameworks affected by said transgression were Node and Babel.
  • How do NPM and RubyGems relate?
    • Like NPM, RubyGems is a collection of mini applications that make coding in Rails easier. The issue with blindly using Gems is that, as with NPM, your app is then dependent on those gems continuing to be maintained and fully functional. Situations like left-pad are scary for the development industry because the developer is essentially no longer in control of their own code. What happens behind the scenes with larger situations (like name infringement) can 'derail' your entire app without your knowledge or preparation.
  • What is left-pad and why is it used?
    • left-pad is a module used to pad strings with spaces and zeros on the left side.

Observing

  • Go through some past projects you've worked on and look through the gemfiles.
  • Pick three gems - try to pick a combination of obscure gems and ones you use on every project
  • List them with links to their Github repos here

  1. Responders Gem
    • What does this Gem generally do?
      • Simplifies how Rails responds to requests
    • When is the date of the last commit?
      • March 18, 2016 (3 days ago)
    • How many open issues does it have?
      • 7
    • Link to one piece of code or a file you understand: respond
      • This sets up the respond_to method and allows the user to specify what protocol/format the response is expecting.
    • Link to one piece of code or a file you don't understand at all: mimes
      • No idea what a "mime" is.
    • Does it seem reasonable to add this dependency into your code?
      • Yes. It is a very popular gem with regular and recent commits. It could have more in depth documentation though.
  2. Paperclip Gem
    • What does this Gem generally do?
      • It makes uploading files easier.
    • When is the date of the last commit?
      • 17 Hours ago!
    • How many open issues does it have?
      • 110
    • Start looking around the source code
      • Link to one piece of code or a file you understand: Migration
        • It sets up what happens when you run a migration with this gem, including adding columns like "image", "file-upload-name" etc, which appear in the schema after implementing this gem.
      • Link to one piece of code or a file you don't understand at all: IO adapters
        • Lots of things are going on here that seem to refer to various dependencies...it gets complicated.
    • Does it seem reasonable to add this dependency into your code?
      • Yes. It is a very widely-used gem with a ton of activity going on. I have zero concerns with the documentation or reliability of the organization that created it (Thoughtbot).
  3. Headshot Gem
    • What does this Gem generally do?
      • It allows the user to take a picture with their internal camera and then do things with that file.
    • When is the date of the last commit?
      • May 4th...eeee.
    • How many open issues does it have?
      • 2
    • Start looking around the source code
      • Link to one piece of code or a file you understand: model.rb
        • Pretty straightforward model setup. This is kind of cheating.
      • Link to one piece of code or a file you don't understand at all: generate_generator
        • Looks like it sets up migrations and file paths...but based on the name I feel like it could be done differently.
    • Does it seem reasonable to add this dependency into your code?
      • Might be a little sketch. I did use it when an API I was trying to use turned out to be unreliable. I know in HTML5 you can implement the camera function on its own, and then manipulate the files with File IO. In the future I will work on building the functionality from scratch for this instead of relying on a potentially outdated gem.
  • What are some factors you consider when adding dependencies to your projects?
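One way to turn the "look through the gemfiles" step above into a repeatable check, as an added example that is not part of this gist or of any of the gems it mentions: a small Ruby audit of a Gemfile.lock that reports which gems the project pulls in only transitively (code nobody on the team chose) and which are fetched from a source other than rubygems.org. The lockfile, its versions and the git URL are constructed placeholders, not real projects.

```ruby
# Added example (not from the gist): constructed Gemfile.lock; versions and git URL are placeholders.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      activemodel (4.2.6)
      paperclip (4.3.6)
        activemodel (>= 3.2.0)
  GIT
    remote: https://github.com/example/headshot.git
    specs:
      headshot (0.1.0)
        paperclip (>= 3.0)
  DEPENDENCIES
    headshot!
    paperclip (~> 4.3)
LOCK

# Parses the lockfile into [specs, direct]: specs maps each locked gem to its version,
# source and runtime deps; direct lists the names under DEPENDENCIES.
def parse_lockfile(text)
  specs, direct, section, source, current = {}, [], nil, nil, nil
  text.each_line do |raw|
    next if (line = raw.rstrip).empty?
    (section = source = line; next) if line !~ /\A /   # column-0 word opens a section
    indent, body = line[/\A */].size, line.strip
    if section == "DEPENDENCIES"
      direct << body[/\A[^\s!]+/]      # drop version constraint and the "!" source marker
    elsif body.start_with?("remote: ")
      source = body.sub("remote: ", "")
    elsif indent == 4                  # "name (version)" of a locked gem
      current, version = body.match(/\A(\S+) \((.+)\)\z/).captures
      specs[current] = { version: version, source: source, deps: [] }
    elsif indent == 6                  # runtime dependency of the gem above
      specs[current][:deps] << body[/\A\S+/]
    end
  end
  [specs, direct]
end

# Walks the graph from the direct gems; reports what arrived only through other gems
# and what is fetched from somewhere other than the default rubygems remote.
def audit(text)
  specs, direct = parse_lockfile(text)
  seen, queue = [], direct.dup
  while (name = queue.shift)
    next if seen.include?(name) || !specs.key?(name)
    seen << name
    queue.concat(specs[name][:deps])
  end
  { direct: direct, transitive: (seen - direct).sort,
    non_default_source: specs.reject { |_, s| s[:source] == "https://rubygems.org/" }.keys }
end
```

Run it against a real project's Gemfile.lock and every name in `transitive` is a gem the team never evaluated with the questions above; every name in `non_default_source` is one whose history and maintainer are not even visible on rubygems.org.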

Challenge Level Understanding (OPTIONAL but cool)

Building
