Never run npm audit. You won’t like what you see.
I absolutely cannot relate to using a ton of libraries in production code.
Node, and you’d be surprised.
It’s funny because it’s true. All those little guys will fuck you over eventually and likely are real trojans.
For that reason I see why companies maintain private mirrors. Heck I want one myself in case any more get lost or removed.
And each in their own way. Like leftpad or openssl
t.f.w. “npm install somePackage” adds hundreds of names to your supplier list, some of whom aren’t even adults let alone companies, and the policy says that each new supplier needs to go through a thorough vetting process.
If they wanted me to use a specific tool or lack thereof they should have said that. Instead they said “fix this problem” and instead of writing the entire codebase from the ground up I used the tools that were available to me so I could focus on fixing the problem instead of fixing the fix to fix the fix for the fix of the problem.
I can’t relate to this feeling at all, writing code using a library I’ve found is almost always the source of bugs. Miscommunication between the library developer and their documentation, or my ability to read the documentation. And that’s on top of how many big libraries I’ve seen with extremely simple exploits. Sadly I have to use a few, but I wince every time I install a package.
I am NOT writing a database connector unless you add an additional three months to your project’s expectations.
I am NOT writing an LDAP connector.
I am NOT writing code to execute shell processes.
And I’m sure as hell not writing an XML parser just so I can say I did it without libraries.
JS devs that import libraries for every stupid thing (lpad comes to mind) are bad programmers, but libraries are useful and have their place.
And if my boss doesn’t want me using those libraries, they need to specify that in advance or there needs to be a company policy to that effect. Otherwise, I’m solving the problem my way since that’s what I’m getting paid to do.
And then a requirement changes, and good luck duct taping it to the darn framework
Nice to meet you, Jia Tan
TFW you want to do things good, slow and expensive, but management makes you do them fast, cheap and crap.
For your entire career.
Please kill me
No, you still have a PR to review.
> someone nitpicks word you used in a variable declaration
> you change it
> someone more senior says the former made more sense
> this goes on for far longer than it should
> eventually you get a real review from someone in your team that identified something that actually needs to change
> you change it and re-request reviews
rinse and repeat
you forgot the part where you have to rebase your branch and that causes merge conflicts that were resolved later but somehow still persist.
Don’t forget getting questioned by your manager/scrum lead as to why it’s taking so long to get out.
Well, I’ve had the PR ready for 3 days and the team asked me to make changes today
Had a team lead that kept requesting nitpicky changes, going in a FULL CIRCLE about what we should change or not, to the point that changes would take weeks to get merged. Then he had the gall to say that changes were taking too long to be merged and that we couldn’t just leave code lying around in PRs.
Jesus fucking Christ.
There’s a reason that team imploded…
Had a colleague who would comment things like “add a newline here” as well as things that were fully his own preference.
That was the only time I closed comments without replying to them or fixing them, without feeling bad.
For stuff like that, it’s best to have an auto formatter like checkstyle or something.
People need to lameduck their code more
People need to reply to those comments with “out of scope” and a link to a new issue that will get buried in the backlog more often
TFW you want to do things good, slow and expensive, but management makes you do them fast, cheap and crap.
For your entire career.
Please kill me
i got the sense that some people wanted to when i made this same point about this industry in this same community about a week or so ago.
i love the duality of lemmy sometimes. lol
Change management! :-)
Or, if possible, change employer.
(And I know we’re in meme-land, but I always see it as a developer’s task to inform of the trade-off between fast and good)
Every other skilled trade just says “Fast, Right, or Cheap: pick two.”
It’s not my fault if they always pick fast and cheap
Okay, sure, do fast. Then:
- I’ll add a refactor task to the backlog filed under “tech debt”
- please confirm again that you know we are still behind on security updates and that you’re ok with it because you are responsible for how I spend my hours
- I’d like more time to spend on bugs before we lose customers.
- Also I won’t touch that buggy part without taking the time for a rewrite because we did it “fast” per your request and it’s so hard to maintain now that it becomes a time sink on every minor change
- I know we are under time pressure right now, but as a stakeholder I request we plan a few sprints for improving reliability of our product
- It’s not “fun” to work on our code. We might lose developers if we do not address this. We both know the good coders will have no problem finding a new job and you’ll end up with the bad ones.
- Either that, or plan for loss of personnel and the extra time we need for the hiring process and the loss of developer hours