The Dangers of Using Code You Don't Control

package-management.markdown

The Dangers of Using Code You Don't Control

The Events

What happened

The Drama

The Developer's Take

Kik's Side of Things

NPM's Take

The Reaction Blog Post With Some Good Points And An Aggressive Title Published After Any Major Tech Event

What Are We Even Talking About

What is NPM

A Tutorial on Using NPM

---

Checks for Understanding

Fork this Gist and Respond to the Following Questions

• Somebody named Azer published to NPM with a name of Kik, some people got angry because their company was Kik and wanted the name and Azer decided to remove his packages which broke a ton of stuff.
• NPM and RubyGems relate in that they both bring in stuff from the internet to help you with outside code, NPM is just more javascript which originally dealt a lot with node
• Left Pad is 11 lines of code that padded a string apparently

Observing

• Go through some past projects you've worked on and look through the gemfiles.
• Pick three gems - try to pick a combination of obscure gems and ones you use on every project
• List them with links to their Github repos here

  • [rails 12 factor]["https://github.com/slotaj/legislators/blob/master/Gemfile"]

  • This gem helps with error messages for heroku

  • The date of the last commit was Jan 28th, 2015

  • I believe it has 4 open issues

  • [some testing I understand]["https://github.com/heroku/rails_12factor/blob/master/test/test_rails_12factor.rb"]

  • basically makes sure the requested files are there for 12 factor

  • [is this seriously all 12factor?]["https://github.com/heroku/rails_12factor/blob/master/lib/rails_12factor.rb"]

  • This confuses me because it seems 12factor just pulls in other packages so to speak

  • This dependency in my mind is crucial if you are having heroku issues

  • [faraday]["https://github.com/slotaj/legislators/blob/master/Gemfile"]

  • This gem helps with http requests

  • December 23rd, 2015

  • 47 open issues

  • [connection]["https://github.com/lostisland/faraday/blob/master/lib/faraday/connection.rb"]

  • this code to me looks like it takes the request and parses the string based on the input

  • [error]["https://github.com/lostisland/faraday/blob/master/lib/faraday/error.rb"]

  • I don't get line 59, but I'm guessing it's a method

  • Faraday is super crucial for HTTP requests, but I probably like excon more

  • [geocoder]["https://github.com/alexreisner/geocoder"]

  • this gem translates geolocations with zips!

  • March 18th, 2016

  • 22 issues

  • [oauth_util]["https://github.com/alexreisner/geocoder/blob/master/lib/oauth_util.rb"]

  • this code looks like some interesting oauth code

  • [recursive hash]["https://github.com/alexreisner/geocoder/blob/master/lib/hash_recursive_merge.rb"]

  • this code looks like some crazy recursive stuff, I could probably figure it out but interesting

  • geocoder is fun and looking at it's dependencies probably very useful

  • I honestly have never thought about this before, but I like dependencies when they are easy solutions to complicated problems