Sources Contact Advanced Search Tutorials

An Interest In:

Web News this Week

Search Archive

Some of Our Sources

View All Sources

Help Webnuz

Referal links:

March 23, 2016 04:00 pm

How One Dev Broke Node, and Thousands of Projects In 11 Lines of JavaScript

An anonymous reader quotes an article written by Chris Williams for The Register: Programmers were left staring at broken builds and failed installations on Tuesday after someone toppled the Jenga tower of JavaScript. A couple of hours ago, Azer Koculu unpublished more than 250 of his modules from NPM, which is a popular package manager used by JavaScript projects to install dependencies. Koculu yanked his source code because, we're told, one of the modules was called Kik and that apparently attracted the attention of lawyers representing the instant-messaging app of the same name. According to Koculu, Kik's briefs told him to take down the module, he refused, so the lawyers went to NPM's admins claiming brand infringement. When NPM took Kik away from the developer, he was furious and unpublished all of his NPM-managed modules. 'This situation made me realize that NPM is someone's private land where corporate is more powerful than the people, and I do open source because Power To The People,' Koculu blogged. Unfortunately, one of those dependencies was left-pad. It pads out the lefthand-side of strings with zeroes or spaces. And thousands of projects including Node and Babel relied on it. With left-pad removed from NPM, these applications and widely used bits of open-source infrastructure were unable to obtain the dependency, and thus fell over.

Slashdot

Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..

More About this Source Visit Slashdot