• floofloof@lemmy.ca
    link
    fedilink
    English
    arrow-up
    84
    ·
    edit-2
    5 months ago

    It looks like “is-number” was never more than a few simple lines of code. It still has 68 million downloads per week.

    https://www.npmjs.com/package/is-number

    I checked one of our main projects at work, and it’s in there as a dependency 6 levels deep via the “sass” package.

    • sushibowl@feddit.nl
      link
      fedilink
      arrow-up
      41
      ·
      5 months ago

      is-number is a project by John Schlinkert. John has a background in sales and marketing before he became an open source programmer and started creating these types of single function packages. So far he has about 1400 projects. Not all of them are this small, though many are.

      He builds a lot of very basic functionality packages. Get the first n values from an array. Sort an array. Set a non-enumerable property on an object. Split a string. Get the length of the longest item in an array. Check if a path ends with some string. It goes on and on.

      If you browse through it’s not uncommon to find packages that do nothing but call another package of his. For example, is-valid-path provides a function to check if a windows path contains any invalid characters. The only thing it does is import and call another package, is-invalid-path, and inverses its output.

      He has a package called alphabet that only exports an array with all the letters of the alphabet. There’s a package that provides a list of phrases that could mean “yes.” He has a package (ansi-wrap) to wrap text in ANSI color escape codes, then he has separate packages to wrap text in every color name (ansi-red, ansi-cyan, etc).

      To me, 1400 projects is just an insane number, and it’s only possible because they are all so trivial. To me, it very much looks like the work of someone who cares a lot about pumping up his numbers and looking impressive. However the JavaScript world also extolled the virtues of these types of micro packages at some point so what do I know.

      • nickwitha_k (he/him)@lemmy.sdf.org
        link
        fedilink
        arrow-up
        2
        ·
        5 months ago

        To me, 1400 projects is just an insane number, and it’s only possible because they are all so trivial.

        Holy shit. I’m going to have to go through my team’s dependencies. I don’t feel confident that someone “maintaining” that many projects is going to be able to keep all bad actors at bay. Not to mention, none of the examples of his libraries that I’ve seen SHOULD be libraries.