npm install everything, and the complete and utter chaos that follows
🔗 a linked post to
boehs.org »
—
originally shared here on
We tried to hang a pretty picture on a wall, but accidentally opened a small hole. This hole caused the entire building to collapse. While we did not intend to create a hole, and feel terrible for all the people impacted by the collapse, we believe it’s also worth investigating what failures of compliance testing & building design could allow such a small hole to cause such big damage.
Multiple parties involved, myself included, are still students and/or do not code professionally. How could we have been allowed to do this by accident?
It’s certainly no laughing matter, neither to the people who rely on npm nor the kids who did this.
But man, it is comical to see the Law of Unintended Consequences when it decides to rear its ugly head.
I applaud the students who had the original idea and decided to see what would happen if you installed every single npm package at once. It’s a good question, to which the answer is: uncover a fairly significant issue with how npm maintains integrity across all of its packages.
But I guess the main reason I’m sharing this article is as a case study on how hard it is to moderate a system.
I’m still a recovering perfectionist, and the older I get, the more I come across examples (both online like this and also in my real life) where you can do everything right and still end up losing big.
The best thing you can do when you see something like this is to pat your fellow human on the back and say, “man, that really sucks, I’m sorry.”
The worst thing you can do, as evidenced in this story, is to cuss out some teenagers.