by anonfordays 661 days ago
>This affected users that did not have a specific version of the JS library pinned and deployed a new version

Par for the course honestly. The amount of garbage that gets called "production" these days is mind-boggling. No blue/green or canary deployments, shipping code that has nothing pinned, no clear rollback, etc. This is what happens when anyone can become an Engineer™ after a two-week JavaScript boot camp.

1 comments

No, actually, it's because Posthog explicitly recommends that as the way to do it, makes their standard npm package unpinnable (as it will always lazy load the most recent version of its modules) and calls version pinning via npm an "advanced" installation[1].

The ecosystem has plenty of versioning and best practices, but they do jack squat when you recommend to your customers to bypass them and trust that you'll never break your latest build.

[1] https://posthog.com/docs/libraries/js

Sure, but just because _they_ suggest that you set your website to depend on https://us.i.posthog.com/static/array.js doesn’t mean you’re off the hook for following that (bad) advice.

>No, actually, it's because Posthog explicitly recommends that as the way to do it

Just because a project recommends "curl whatever | bash" to get started doesn't mean it's something you should productionize. You need an engineer that's done more than a bootcamp to understand code pinning, packaging, and deploying in order to ship a supportable, observable system. You're making my point for me.