• Gamma@beehaw.org
    link
    fedilink
    English
    arrow-up
    26
    ·
    edit-2
    4 months ago

    It handles a few weird edge cases, mostly. Only 7 meaningful lines of code and almost 70M downloads week!

    • Admiral Patrick@dubvee.org
      link
      fedilink
      English
      arrow-up
      28
      ·
      4 months ago

      Sadly, it’s a stupid dependency of a lot of things.

      Just ran npm explain is-number on one of my projects, and it’s a dependency of to-regex-range which is a dependency of fill-range which is a dependency of…and so on up the chain.

      I was hoping I wouldn’t find that in there, but alas, it is.

    • nickwitha_k (he/him)@lemmy.sdf.org
      link
      fedilink
      arrow-up
      9
      arrow-down
      1
      ·
      edit-2
      4 months ago

      I don’t get the concept that depending on 7 lines of code from a third-party package is remotely acceptable. It’s expanding the potential attack surface to save a dev from templating 7 lines of boilerplate. There’s no net benefit or appreciable time saved.

      I’m glad I don’t have to deal with this regularly.

      ETA: The package is even MIT licensed! There’s no excuse but laziness and not wanting to understand the code to import this rather than inlining or implementing a novel version. If I can spend the time to write:

      if err != nil {
        slog.Warn("well shit", "error", err)
        return err
      }
      

      after every function call…I just didn’t get it.