Menu

React, etc. Tech Stack

React, Flux, GraphQL, Hack, HHVM...? All of this and more!

Composer's NPM moment

Earlier this year a package was removed from the JavaScript packaging manager NPM repositories. The removal of a single (now famous left-pad) package caused mischief to a lot of developers that were relying on the package directly or indirectly.

PHP's Composer had a similar situation today. Composer is a similar packet manager as NPM, with a central repository, Packagist. There was an abrupt stop for many developers as commonly used packages from Nelmio were unavailable.

These are popular packages that millions of developers depend on. This was caused by a human error of removing an organization from Github. So the reason behind this was not intentional and is thus different from the NPM situation earlier this, but the end result can be the same.

This will be fixed soon enough, it's still an example of how depending on external resources through a packet manager can affect the development flow of a large number of people. All it takes is a click or two, but there's no reason to play the blame game.

Shrinkwrapping your apps with all the vendor code can be useful and is a common practice in the NPM world. In addition you can consider using a proxy such as Toran for your packet management for increased performance and reliability.

Read the details behind the incident from the trenches: Goddamn it

Update

Everything was switftly fixed, an hour actually. A big hand to Jordi for his efforts.

Written by Jorgé on Tuesday May 31, 2016

Permalink -

« Looking for a Node.js CMS for an Enterprise? - GraphQL has momentum »