Most active commenters

    ←back to thread

    The tragedy of running an old Node project

    (abdisalan.com)
    272 points abdisalan | 25 comments | 18 Nov 24 18:24 UTC | HN request time: 0.428s | source | bottom
    1. sgt ◴[18 Nov 24 18:28 UTC] No.42175354[source]
    I've actually had a node project go bad in a mere 4 months. It must be a new record. That was about 4-5 years ago though.

    Hopefully the ecosystem as improved since then, but it was nearly impossible to get going.

    Some packages had been changed and the version number overwritten with incompatible packages, and the conflicts were plenty.

    replies(4): >>42175458 #>>42175556 #>>42176160 #>>42176366 #
    2. abdisalan ◴[18 Nov 24 18:38 UTC] No.42175458[source]
    Wow, that’s honestly impressive.

    If there was an option to guarantee versions could exist for X amount of years (maybe even months?) then that would greatly help the stability of projects.

    3. jerf ◴[18 Nov 24 18:48 UTC] No.42175556[source]
    One of the things I'm intrigued by is that JS people, and the other couple of ecosystems where this is a big problem, go out to learn another language (as a good T-shaped developer does), and then start posting frantic questions to the new language's communities about how this popular library hasn't had a commit in six weeks, is it dead, oh my gosh wtf aaaaaaaaaaa.

    It's OK. Not every language ecosystem is so busted that you can reliably expect a project not to work if someone isn't staring at it weekly and building it over and over again just in case. Now, it's always a risk, sure, no language anywhere is immune to the issue [1], but there's plenty of languages where you can encounter things from 5 years ago and your default presumption is that it's probably still working as well now as it did then. It may be wrong, but it's an OK default presumption.

    [1]: Well... no language in common use anyhow. There's some really fringe stuff that uses what is basically content-based references for code dependencies, but I'm not aware of anything that I'd call "production quality" that even remotely looks like that, and is immune to someone just plain making an error with the semantic versioning or whatever.

    replies(3): >>42175615 #>>42175633 #>>42176233 #
    4. rootnod3 ◴[18 Nov 24 18:53 UTC] No.42175615[source]
    These JS developers would probably shiver at seeing many Common Lisp repos with a last commit like 12 years ago and still working like a charm.
    replies(3): >>42175670 #>>42175679 #>>42189332 #
    5. toast0 ◴[18 Nov 24 18:55 UTC] No.42175633[source]
    > frantic questions to the new language's communities about how this popular library hasn't had a commit in six weeks

    Lol, my perspective is almost the opposite. If it's got a lot of commits in the last six weeks, I need to look for something that's stable. Unless there's a good reason for so many commits; I feel like that many commits means it's in active development, which implies the requirements and interfaces aren't yet determined and who wants to rely on that?

    6. kaptainscarlet ◴[18 Nov 24 18:57 UTC] No.42175670{3}[source]
    Node is bad but the worst I have seen is Android
    replies(1): >>42175700 #
    7. abdisalan ◴[18 Nov 24 18:58 UTC] No.42175679{3}[source]
    I’m curious, how do you measure the pulse of a project that old? Do people still talk about it? Or that not even necessary — use it until it breaks and otherwise don’t think about it?
    replies(3): >>42175769 #>>42176012 #>>42177737 #
    8. telgareith ◴[18 Nov 24 19:00 UTC] No.42175700{4}[source]
    How about node on android?
    replies(1): >>42175849 #
    9. toast0 ◴[18 Nov 24 19:08 UTC] No.42175769{4}[source]
    If it has an issue tracker, you can look in there for things that look like real issues and are unaddressed.

    If there's no issue tracker, you can YOLO and try it and see if it works, or you can look around at the code and see if it looks reasonable.

    Even if there are unaddressed issues, you can always use it and fix it when it breaks. If it's reasonable enough, it's a good start anyway. And at least my assumption with open source is I'm going to be fixing it when it breaks, so lack of a pulse is better than churn.

    10. lpapez ◴[18 Nov 24 19:16 UTC] No.42175849{5}[source]
    Delete this comment right now, don't give them ideas.
    replies(1): >>42176061 #
    11. swatcoder ◴[18 Nov 24 19:32 UTC] No.42176012{4}[source]
    Why do you want your building materials to have a pulse?

    Ideally, in adopting dependencies, you should be looking for a mature utility whose design was clear and implementation is complete.

    If it's open source, you should be able to read and unserstand the code yourself, and you should make an earnest effort to do so, in case it has faults you wouldn't usually allow in your own code and in case you need to fork it at some point.

    This lets you you build well-designed, stable, maintainable, clear things yourself.

    The alternate, building your project on a random collection of "living" projects undergoing active development is how you banish yourself to perpetual maintenance, build failures and CVE warnings that have nothing to do with your work, surprise regressions when you update your referenced version (you are, at least, pinning your versions??), etc

    replies(1): >>42176500 #
    12. ian-g ◴[18 Nov 24 19:36 UTC] No.42176061{6}[source]
    Too late, we already have react native
    replies(2): >>42180346 #>>42199355 #
    13. int_19h ◴[18 Nov 24 19:47 UTC] No.42176160[source]
    The ecosystem has not improved since then.
    14. kamma4434 ◴[18 Nov 24 19:54 UTC] No.42176233[source]
    I would expect most Java projects from 20 years ago to compile and run with zero issues.
    replies(1): >>42176678 #
    15. meiraleal ◴[18 Nov 24 20:10 UTC] No.42176366[source]
    the problem was your research before using the packages then. So much bad engineering and architectural planning is blamed on the tools, not the human using it.
    16. Macha ◴[18 Nov 24 20:22 UTC] No.42176500{5}[source]
    Something like a HTTP 1.1 client is something you might expect would be a pretty stable thing that doesn't need too many updates, right?

    But I would not assume that a HTTP client that has been untouched in 12 years supports SNI, for example, which means that actually it might be totally useless for a lot of modern sites (certainly Android did not support SNI 12 years ago).

    replies(1): >>42183951 #
    17. watsocd ◴[18 Nov 24 20:35 UTC] No.42176678{3}[source]
    Absolutely not. Not on the client side anyway.

    I know of one application by a large multinational that requires java in the browser to run. Almost impossible to run now because of security restrictions.

    replies(2): >>42176905 #>>42183200 #
    18. em-bee ◴[18 Nov 24 20:55 UTC] No.42176905{4}[source]
    well java on the desktop and java in the browser are two entirely different beasts. the problem here is not java but the changes that have been made in the browser.
    19. cousin_it ◴[18 Nov 24 22:20 UTC] No.42177737{4}[source]
    Maybe "pulse" could be transitive? Like, if a project doesn't have many recent commits, but many projects using it have recent commits.
    20. kaptainscarlet ◴[19 Nov 24 05:35 UTC] No.42180346{7}[source]
    It's a double whammy
    21. kimi ◴[19 Nov 24 13:30 UTC] No.42183200{4}[source]
    We do have some very old and likely lost all sources "client apps" that are a single JAR and date from around 2003-2004, written in Swing. They still work.

    Of course when they stop working they will be phased out, but we have been expecting their death for years now and not happening yet.

    22. popcalc ◴[19 Nov 24 14:43 UTC] No.42183951{6}[source]
    You're going to put it behind nginx anyways, right? So why does it even matter?
    replies(1): >>42183988 #
    23. Macha ◴[19 Nov 24 14:47 UTC] No.42183988{7}[source]
    Client, not server.
    24. ◴[19 Nov 24 23:49 UTC] No.42189332{3}[source]
    25. plaidphantom ◴[20 Nov 24 23:42 UTC] No.42199355{7}[source]
    And Nativescript.