by cztomsik 1869 days ago
deno is definitely better in the sense that it's way more compatible with the browser and I think that's a really big thing in the long run (but nodejs could do that too, eventually)

regarding 1000+ deps, yes that's a bad thing but it's not really about language, it's rather about people. when node started, the usual number of dependencies was low.

I know because I was there and I was making fun of maven and how it pulls half of the universe for a simple thing. Now nodejs is pulling the whole universe.

Yet the problem, in my opinion, is not the package manager but rather "look I made a package, it does one small thing and it does it well and I don't want it to do more" which leads to many more packages because you really need that thing so what are you going to do? you will add a package on top of package. rinse and repeat and there we are

If the standard library would be richer you'd just ignore half a million of those packages. They'd just die a quiet death.

Look at the Python ecosystem and you'll see that it's not the case. Because of its compatibility commitment, a standard library cannot evolve much and its features end up being replaced with external libs.

“The standard library is where modules go to die”

Isn't that one of the big justifications for not bundling the standard library?

It seems to me like not shipping the std library with the runtime is potentially one of the biggest language innovations we've seen in a while because it should allow the std library to evolve over time in a much more graceful way ... -- you'll actually be able to make breaking changes to the std library as folks who are unwilling to update their code can just use the older version (until the ossified code becomes irrelevant which eventually code that is never changed eventually will)

How does it work when you want to use third-party libraries though? (because even if you have the biggest stdlib in existence, you're still gonna end up using some external libraries no matter what)

Python packages, in general, are much bigger though.

And you'd probably be surprised how much the stdlib is used. In many environments third party libraries have to be vetted by security, or the developers are junior and probably can't check/understand a third party library so they just take the safe option and use the stdlib and hand-code a bit to make it do what they want, etc.

Plus, the third party packages that are used generally have to offer much higher convenience or quality or scope (or all three) to be adopted over the stdlib alternative.

So the bar is much higher than leftpad or is-odd.

Not really, I mean what do you think is missing from the standard library json package? It obviously solves most use cases since just yesterday flask dropped simplejson. Standard library is just not great for libraries that are not yet stable.

Exactly this. If anything, Deno can help introduce the use of standard libraries as a source of truth to webdevs who may not be familiar with the concept to begin with.

That does happen (and is happening), it's just not often big news https://twitter.com/sindresorhus/status/1320788906888089600

I think you're underestimating just how passionate the Node crowd is on customization and reusability. There are feature-rich, extremely popular packages which act as a stdlib in many ways for particular functions - yet there are constantly alternatives to ecosystem-dominating packages that spring up. Some gain traction, some do not. I don't see this changing, even with a robust stdlib. It's the culture around the toolset that drives this.

That's just a post hoc rationalization.

The whole "culture" popped up because people wanted to share code between browsers and backends and there's no tree shaking in JavaScript, so libraries had to be super small and modular to keep the code small for the front end, where download/unzipping/code parsing/compiling code speed matters.

If browsers get a big stdlib, many of these libraries will just go away (bye, leftpad!).

> regarding 1000+ deps, yes that's a bad thing but it's not really about language, it's rather about people.

Not sure that I agree that it's about 'people', except in the sense that every problem with languages/their ecosystems is a people problem because people created them; but I 100% agree that it's not about the language.

My take on the situation is that we have 2 separate issues:

1) Auditing, which is basically an economics issue. It'd help a lot if someone with pockets full o' money were willing to fund a couple mil of auditing infrastructure for npmjs.

2) Devs pulling in lots of packages (which pull in packages, all the way down), which _may_ be partially mitigated by a better base language (no more leftpad, etc). Personally I'm skeptical of the better runtime/language solution.

I think one thing that might help is if there was some automatic way of marking packages as 'safe' in the sense of no side effects, no writing to files, no network activity guaranteed. Such packages could be installed with confidence, and have a lower priority for auditing.

Another possible solution would be a cultural shift among developers to prioritize reducing dependencies with every release. I'd love to see that in release notes, how many packages were added/removed!
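Added example, not part of the thread: a sketch of the automatic "no side effects" marking suggested in the comment above, as a static triage pass over a package's manifest and sources. The module list, the label names and the two sample packages are assumptions constructed for illustration; a regex scan is a heuristic that fails closed and only lowers audit priority, it is not a guarantee.

```javascript
// Built-in modules that touch files, network, processes or the host (assumed list).
const SIDE_EFFECT_MODULES = new Set(['fs', 'net', 'http', 'https', 'http2', 'dgram',
  'dns', 'tls', 'child_process', 'cluster', 'worker_threads', 'vm', 'os']);
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall'];
// Constructs that reach outside the module or hide what gets loaded.
const RISKY = [
  ['eval', /\beval\s*\(/],
  ['Function constructor', /\bFunction\s*\(/],
  ['fetch', /\bfetch\s*\(/],
  ['process access', /\bprocess\s*\./],
];
const LITERAL_CALL = /\b(?:require|import)\s*\(\s*['"]([^'"]+)['"]\s*\)/g;
const ES_IMPORT = /\b(?:from|import)\s*['"]([^'"]+)['"]/g;

// Returns the reasons one source file cannot be labelled side-effect free.
function scanSource(src) {
  const reasons = new Set();
  const specs = [...src.matchAll(LITERAL_CALL), ...src.matchAll(ES_IMPORT)].map(m => m[1]);
  for (const spec of specs) {
    const name = spec.replace(/^node:/, '').split('/')[0]; // 'node:fs/promises' -> 'fs'
    if (SIDE_EFFECT_MODULES.has(name)) reasons.add(`imports ${name}`);
  }
  // Any require()/import() whose argument is not a string literal cannot be resolved statically.
  const calls = (src.match(/\b(?:require|import)\s*\(/g) || []).length;
  if (calls > [...src.matchAll(LITERAL_CALL)].length) reasons.add('dynamic require/import');
  for (const [name, re] of RISKY) if (re.test(src)) reasons.add(name);
  return [...reasons];
}

// manifest: parsed package.json; files: { path: source text }.
function classifyPackage(manifest, files) {
  const reasons = [];
  for (const hook of INSTALL_HOOKS)
    if (manifest.scripts && manifest.scripts[hook]) reasons.push(`install hook: ${hook}`);
  // The label only holds if every dependency earns it too.
  for (const dep of Object.keys(manifest.dependencies || {}))
    reasons.push(`unverified dependency: ${dep}`);
  for (const [file, src] of Object.entries(files))
    for (const r of scanSource(src)) reasons.push(`${file}: ${r}`);
  return { label: reasons.length ? 'needs-audit' : 'no-side-effects-candidate', reasons };
}

// Constructed sample packages (not real npm packages).
const padPkg = classifyPackage({ name: 'pad-example', version: '1.0.0' },
  { 'index.js': "module.exports = (s, n, c = ' ') => String(s).padStart(n, c);\n" });
const leakyPkg = classifyPackage(
  { name: 'leaky-example', scripts: { postinstall: 'node setup.js' } },
  { 'index.js': "const https = require('node:https');\nconst m = require(process.env.X);\n" });
console.log(padPkg, leakyPkg);
```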

> because you really need that thing so what you are going to do?

When that thing is as simple as left_pad, I’d just copy and paste it into my own code. Or just write it myself.

When did so much of development become glueing other people’s code together? Don’t we all know how to write something as simple as left pad? Why was it ever a good idea to pull it in from somewhere else?