Talking left-pad, NPM and dependencies in front-end development


Last week a module called left-pad broke the internet. This got us thinking about what this incident means for NPM, and dependencies in general.

Introduction

Last week a module called left-pad, just 11 lines of JavaScript long, broke the internet. The module — relied on by the likes of Babel, React and other popular libraries — was removed from npm (the package manager for NodeJS) and suddenly everything stopped working as it should.

Unsurprisingly, developers around the world began to panic. In fact, the problem became so widespread that npm was forced to republish the module, getting it back online and fixing web development as we know it. The npm team wrote an in-depth explanation of the whole left-pad fiasco on their blog if you’re interested in reading more.

Over at Pusher this got us thinking about what this incident means for npm, and dependencies in general. So Ben Foxall and I grabbed a coffee by the Pusher offices to chat things through.

What can we learn?

To summarise our ramblings above, there are a few things we can learn from the debacle.

  • Removing all dependencies isn’t practical. When solutions are easy enough to implement ourselves, there’s no excuse not to do it. At the same time, we’ve already seen npm taking this incident seriously and tightening up its own publishing system as a result.
  • Front-end development is getting REALLY complicated. A few years ago client-side JavaScript applications didn’t really exist. We’re not really used to this and over the next few years we hope that new tools will emerge to help developers deal with this shift.
  • We’re the ones responsible for our own development. When we’re not paying services like npm, can we really blame them if something goes wrong? In fact some companies use their own private versions of npm to mitigate this risk entirely. Even if this isn’t possible for us all, we should at least be taking steps to ensure what we build is stable.
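One step towards the stable builds and private registries mentioned in the last point, as an added example that is not from the original post or from npm: a Node.js check that every package in a lockfile is fetched from an approved registry host and carries a strong integrity hash. The function name `auditLockfile`, the host `npm.internal.example` and the sample lockfile are assumptions constructed for illustration.

```javascript
// Constructed sample in the package-lock.json v2/v3 "packages" layout.
// Hosts, versions and integrity strings are placeholders, not real values.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/left-pad': {
      version: '1.0.0',
      resolved: 'https://npm.internal.example/left-pad/-/left-pad-1.0.0.tgz',
      integrity: 'sha512-PLACEHOLDER',
    },
    'node_modules/some-lib': {
      version: '2.0.1',
      resolved: 'https://registry.npmjs.org/some-lib/-/some-lib-2.0.1.tgz',
      integrity: 'sha512-PLACEHOLDER',
    },
    'node_modules/other-lib': {
      version: '0.4.0',
      resolved: 'https://npm.internal.example/other-lib/-/other-lib-0.4.0.tgz',
      // no integrity field: the tarball content is not pinned
    },
    'node_modules/local-tool': { resolved: 'tools/local-tool', link: true },
  },
};

// Returns one finding per problem; an empty array means the lockfile passes.
function auditLockfile(lock, allowedHosts) {
  const findings = [];
  for (const [path, pkg] of Object.entries(lock.packages || {})) {
    // The root project, workspace links and bundled packages are not
    // downloaded from a registry on their own, so they are skipped.
    if (path === '' || pkg.link || pkg.inBundle) continue;
    let host = null;
    try {
      host = new URL(pkg.resolved).host;
    } catch (_) {
      // missing or non-URL "resolved" leaves host as null
    }
    if (!host || !allowedHosts.includes(host)) {
      findings.push({ path, issue: 'unapproved-source', detail: pkg.resolved || '(none)' });
    }
    // sha1 or absent hashes are reported; sha256/384/512 SRI strings pass.
    if (!/^sha(256|384|512)-/.test(pkg.integrity || '')) {
      findings.push({ path, issue: 'weak-or-missing-integrity', detail: pkg.integrity || '(none)' });
    }
  }
  return findings;
}
```

Run in CI against the parsed `package-lock.json`, a non-empty result can fail the build before an install reaches out to a registry you do not control.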

This video is the first in what we hope will be a series of useful chats on everything web development related. Subscribe to the Pusher YouTube channel to keep up to date on the latest.

Did you find it useful? Are we just really annoying? What do you think about the entire npm debate? We’d love to get your thoughts. Leave a comment below or find us over on Twitter at @Jack_Franklin and @Benjaminbenben.