Unsurprisingly, developers around the world began to panic. In fact, the problem became so widespread that npm were forced to republish the module, getting it back online and fixing web development as we know it. The npm team wrote an in-depth explanation of the whole left-pad fiasco on their blog, if you’re interested in reading more.
Over at Pusher this got us thinking about what this incident means for npm, and dependencies in general. So Ben Foxall and I grabbed a coffee by the Pusher offices to chat things through.
What can we learn?
To summarise our ramblings above, there are a few things we can learn from the debacle.
- Removing all dependencies isn’t practical. When solutions are easy enough to implement ourselves, there’s no excuse not to do it. At the same time, we’ve already seen npm taking this incident seriously and tightening up its own publishing system as a result.
- We’re the ones responsible for our own development. When we’re not paying services like npm, can we really blame them if something goes wrong? In fact, some companies use their own private versions of npm to mitigate this risk entirely. Even if this isn’t possible for us all, we should at least be taking steps to ensure what we build is stable.
This video is the first in what we hope will be a series of useful chats on everything web development related. Subscribe to the Pusher YouTube channel to keep up to date on the latest.
Did you find it useful? Are we just really annoying? What do you think about the entire npm debate? We’d love to get your thoughts. Leave a comment below or find us over on Twitter at @Jack_Franklin and @Benjaminbenben.