[allenskd]

> Building a new React app with create-react-app requires 4304 directories and 28678 files.

Finally, of course I don't consider myself the only person thinking about it but someone finally pointed the elephant in the room because it's been bugging me for a very long time, especially with anything related to NodeJS it feels like to actually get somewhere you need to pull hundreds if not thousands of tiny libraries dependencies. Once 1, 2, 50 of those tiny libraries becomes unmaintained and fall into a high risk vulnerability and there's no replacement that's it , you have to start taking care of it yourself. It could happen in any language, yes, but I feel it's more prone to happen in NodeJS given the nature of .... pulling hundreds of modules, even with Java/Maven you don't really pull that many libraries into your application unless it has some really wide scope in it.

I don't have any beef with NodeJS itself but the whole subject of having so much boilerplate code needed to get yourself started is a bit insane. I get that hardware has become more powerful and storage is cheap but... at which point is it no longer okay and becomes a burden to distribute said apps?

[pldr2244]

Nobody in the world is arguing against the fact that CRA is overkill for a Hello World application.

Luckily, that’s not it’s target space.

If you engineer frontend applications of even moderate complexity, you will eventually start to pull in tooling + dependencies + configuration to handle real world use cases. Eventually? You end up with a once-off, home-grown variant of... what CRA emits anyway.

[dpeck]

it happened, https://www.theregister.co.uk/2016/03/23/npm_left_pad_chaos/

[jhabdas]

There are some good threads (if we could call them that) on GH related to how LeftPad "broke the Internet" and the original stories about it from Kik are/were on Medium. Surfing through the related GH threads lead me to ZeroNet[1], which is fantastic P2P web alternative which works offline and updates in real-time. It also has a decentralized GitHub alternative which would mitigate situations like LeftPad.

[1]: https://zeronet.io

[goldenkey]

I couldn't help but revise the code because it failed to even use minus-equals and is severely unoptimized.

Here is my rendition. Mind you, this is mainly for IE as ES6 has a String.padStart method. I would also use Array(n).fill() but again, IE does not support it, so manual string appending is the sacrifice to make..

  module.exports = function(str, len, ch) {
    if (ch === undefined || ch === '') ch = ' ';

    str += "";
    len -= str.length;
    len /= ch.length;

    var pre = "";
    while (--len >= 0) pre += ch;

    return pre + str;
  }

[ng12]

How big is the JDK? How big is Spring? Would you include both when calculating the size of a simple Java app that prints "Hello World"? Probably not.

Remember that node_modules contains the entire world: it contains your compilers, transpilers, development server, development toolchain, and runtime libraries. All software is built on the shoulders of giants and Node's only mistake was making it plainly visible.

[jhabdas]

And that Hello World probably isn't isomorphic, which limits the ability of crawlers other than the most sophisticated to actually see the data. Want to make it crawlable? Add another 70,000+ dependencies.

[Yhippa]

I'm starting to see advertising and begging for work in the output of these builds. I'm scanning the console for errors and these things accidentally get my attention falsely.