• tourist@lemmy.world
    2 days ago

    arbitrary npm package:

    • last updated 4 years ago
    • sole developer legit dead and buried
    • 47 dependencies
    • 608 critical vulnerabilities
    • condemned by the United Nations

    Still has 7 million weekly downloads

    • MadMadBunny@lemmy.ca
      2 days ago

      Please mark this as NSFL.

      Seriously, who the fuck starts a conversation like this, I just sat down!!

    • Troy@lemmy.ca
      2 days ago

      I love hitting these things in the real world. Not the bug, but the comment. You just know someone spent a fortune in time and company resources to never solve the problem and their frustration level was ragequit. But then something stupid like adding

      while (0){};

      Suddenly made it work and they were like, fuckit.

      Usually it’s a bug somewhere in a compiler trying to over optimize or something and putting the line in there caused the optimization not to happen or something. Black magic.

      The downside is that the compiler bug probably gets fixed, and then decades later the comment and line are still there…

      • GarlicToast@programming.dev
        1 day ago

        The real world case I remember also included a TODO to return and fix the code later. In a published scientific software. I wonder how many papers were messed up by this buggy software. As I looked at the code due to the amount of bugs I encountered.

        It’s been many years from publication, and to the surprise of no one, they did not return to fix it.

      • zea@lemmy.blahaj.zone
        1 day ago

        And then the compiler updates to get better at spotting optimization opportunities and it blows up again

  • Gork@lemm.ee
    2 days ago

    Mmm yes. Unexplained issues that have a single mention in StackOverflow five years ago, have a single reply by the author just saying “nvm I figured it out” and doesn’t explain the resolution.

      • frezik@midwest.social
        2 days ago

        I’ve found that that comic alone has reduced the instances of this sort of thing happening. Not completely, of course, but when people figure it out, they seem much more likely to post the solution. Randall may have single-handedly improved the Internet a few points with that one comic.