167 points jgrahamc | 2 comments
snovymgodym ◴[] No.43557566[source]
The real story here is that the author and his coworker wasted a bunch of time tracking down this bug because their dev environment was badly set up.

> his system (MacOS) is not affected at all versus mine (Linux)

> nvm use v20 didn't fix it

If you are writing something like NodeJS, 99% of the time it will only ever be deployed server-side on Linux, most likely in a container.

As such, your dev environment should include a dev dockerfile and all of your work should be done from that container. This also has the added benefit of marginally sandboxing the thousands of mystery-meat NPM packages that you will no doubt be downloading from the rest of your machine.

There is zero reason to even mess with a "works on my machine" or a "try a different node version" situation on this kind of NodeJS project. Figure out your dependencies, codify them in your container definition, and move on. Oh, your tests work on MacOS? Great, it could not matter less because you're not deploying there.

Honestly, kind of shocking that a company like Cloudflare wouldn't have more standard development practices in place.

replies(1): >>43557696 #
bilekas ◴[] No.43557696[source]
> If you are writing something like NodeJS, 99% of the time it will only ever be deployed server-side on Linux, most likely in a container.

I'm really curious where you're getting this impression from? I for one never run docker containers on my dual-core Atom server with 4 GB RAM, but I have a lot of node services running.

> There is zero reason to even mess with a "works on my machine" or a "try a different node version" situation on this kind of NodeJS project

There are a lot of reasons to investigate these things; in fact, that's what I would expect from larger, more industry-involved companies. Knowing the finer nuances and details of these things can be important. What might seem benign can just as quickly become something really dangerous or important when working on a huge scale such as Cloudflare.

Edit: BTW I do agree mistakes were made, and the hell that is NPM chain of delivery attacks is terrifying. Those are the points I would focus on more personally.

replies(2): >>43558082 #>>43558327 #
throwanem ◴[] No.43558082[source]
The last time I dealt with a non-dockerized Node deployment, at work or at home, was in 2013. That this was also the year of Docker's initial release is no coincidence at all.
replies(1): >>43558175 #
1. bilekas ◴[] No.43558175{3}[source]
I think for production it’s a good move, it just doesn’t feel like a sure assumption that the majority of node services are containerized.
replies(1): >>43558809 #
2. throwanem ◴[] No.43558809[source]
Well, the argument is more that the vast majority of Node services should be containerized, because the potentially large benefit of so doing outweighs the relatively small cost. I can't speak to anyone's assumptions, but I can say I'm inclined to support this argument because my professional experience for many years has been that containerization causes far fewer problems than it solves.