[conspire] Dependency management: solved

Deirdre Saoirse Moen deirdre at deirdre.net
Thu Apr 24 11:14:42 PDT 2025 

On Wed, Apr 23, 2025, at 5:04 PM, Don Marti wrote:
> Even for a small software project, it gets to be a pain to keep track of 
> all the different software libraries required for different 
> functionality, their differences in calling conventions and function 
> naming, and worst of all, the dreaded deprecated features.
> 
> Problem solved. Released just around the beginning of this month, now 
> there's one JavaScript package that contains "literally any function 
> imaginable" -- no more remembering snake_case or camelCase, no more 
> worrying about putting the arguments in the right order, in fact, 
> nothing to look up, ever! Just call the function you want to call, the 
> way you want to call it.
> 
> https://www.npmjs.com/package/@andrewtaylor/util-ai

*snerch*

One of my crankier comments on reddit of late:

JavaScript is a shitty language “designed” on a ten-day bender and shipped rather than tossed, and we’re stuck with its awfulness.

No amount of great work by library developers can fix its underlying horrors. As long as it exists, many of our best and brightest will spend their days toiling in swill. And that is a tragedy.

(I say this having worked on a browser team for 5+ years, to be clear.)

(end of cranky comment)

Granted, “Scheme in the browser” wasn’t a bad idea, just it wound up being a bad implementation that we’re stuck with.

I found it hilarious that the link led to Node's package manager, the bane of my existence.

For those who don't know how it works, here's a summary.

Let's say you import:

A v 1.0.0
B v 1.0.0
C v 1.0.0

And A imports:

D v 1.5.0
E v. 1.2.0

…and B imports:

D v. 1.5.0
E v. 1.2.1

…and C imports

D v 1.4.0
E v 1.1.1

You’ll have each of those libraries, even the duplicates, in their little trees, so two copies of the *same* version of D, plus the one version back, and three different versions of E, so nine libraries total in your final deployment. Good news: your app will (probably) work, bad news is it’s almost impossible to patch security holes in your app.

Deirdre

More information about the conspire mailing list