by bartread 372 days ago
> Not driven by logic, anger...

I don't know that I fully buy this either, at least not the anger part.

I can look back on all this with wry amusement nowadays but I remember it being pretty frustrating at the time.

It sort of felt like, well, either you knew what the impact of unpublishing all your packages would be and you did it anyway, which makes you kind of antisocial, or you didn't know what the impact would be but did it anyway, which makes you kind of a hothead. And in this latest piece Azer has admitted that he didn't understand what the impact would be so... y'know... I do wonder if anger was at least a small factor.

Regardless, it's pretty clear that npm bear a lot of the responsibility for what happened. It's also something that happened a very long time ago and, as I've already implied, is just a funny story nowadays, not something I can manage any ire towards Azer over.

4 comments

The 3rd option is the one Azer describes in the post:

He wants to remove his stuff, but isn't sure what the right way to do it is, so he asks npm. npm provides him with a set of scripts to run to remove his stuff, and he, presuming that it's "ok" if npm told him to go ahead and run them, runs them. The impact isn't especially important to him, but since npm just gave him a set of scripts with an implicit "oh okay you want to remove your stuff, here I wrote you a script you can run to get it done," makes it more of an npm choice to handle it in this manner. npm asked him to handle it this way, so he did.

What would the alternative have looked like?

If NPM would have prevented the depublishing, he would have made a scene and in the worst case, they would have looked bad.

How they actually handled it, the library author got full freedom but also full responsibility.

At a certain point, no, you can't unpublish because the world only has one arrow of time. Imagine if Torvalds decides to unpublish his code in the Linux kernel. It's easy to understand how that would work: His code would remain out there for all time because doing anything else would be a massive disruption and cause people actual problems. People don't just give others a way to hurt them like that if they know what they're doing, even if they got a lot of value from them in the past.

Lesson: Vendor your dependencies, I guess. Although a lot of the ire around left-pad was programmers using a library for something so trivial, but that's a different conversation.

> Although a lot of the ire around left-pad was programmers using a library for something so trivial, but that's a different conversation.

Very true.

Although, from 2012 onwards, up to around the time of the leftpad incident, the trend - and the pressure - was to minimise the amount of work your code was doing and to publish tiny packages that only did one thing or solved one problem, deferring to other tiny packages for anything non-core. I remember colleagues more embedded in the JS world than I was passionately arguing for this in 2012/13.

And it did make some sense: bandwidth matters, particularly on mobile devices (which became a key source of traffic during that period) so why pull in some gigantic do everything library when you only need a handful of functions[0]? Sure, minifying and pruning help but, due to JS's nature, pruning can only get you so far.

But, yes, I think leftpad was something of a teaching moment on the downsides of this approach.

[0] Of course, if you then stick 6 different tracking scripts in all your pages, it's super-easy to undo all the good you've done by minimising your bundle size, but that's a different conversation.

> If NPM would have prevented the depublishing, he would have made a scene and in the worst case, they would have looked bad.

I mean he says he asked them to remove all his packages, expecting them to do so gradually, following whatever mitigation strategy they felt appropriate (e.g. some kind of warning and fadeout process), and instead they gave him a script to do it immediately so he did that.

> and in the worst case, they would have looked bad.

As opposed to looking much worse? Easy decision.

Personally I understand both Al-Ghazali and "Not driven by logic, anger" parts very well. I have been in that position as well.

Being neutral and seeing a good way forward is not something practiced, taught or celebrated in western, esp. American culture much. One always needs to have a thrust source (mostly an emotion driven by logic, taught while growing up (e.g.: You should be angry about it)) to make decisions.

In fact, sometimes, you just don't have a thrust source, you just feel like doing it. It feels the right thing to do, and you do it with no emotions attached.

This is a boon, in fact it's called "clarity" brought by being with yourself. Either spending time outdoors, doing some reflection work, or by meditating. I use the same methods when I am faced with a non-urgent but important decision. Let the way reveal itself. Putting logic and emotions aside and finding the right way is not easy, or the process is not smooth sailing, but I never arrived at a wrong place by following that path.

What’s anti-social is unilaterally making your code dependent on someone’s package and then getting mad at them when they choose to remove it.

This whole problem was trivially avoidable, and people get mad at him because they were too lazy to avoid it.

They weren't too lazy to avoid it. Depending on other people's packages was actively encouraged within the JS community during that period, and the perceived benefits of doing so were loudly trumpeted.

And if you did without due diligence of the downsides, you have only yourself to blame.

Lots of people made a big mistake, they found out the hard way. Lesson learned.

Not to dump on the author, but following the Serenity Prayer would have led to a happier outcome...

grant me the serenity to accept the things I cannot change; courage to change the things I can; and wisdom to know the difference

He clearly could delete his packages so he did. In the left-pad incident, apparently, the community didn’t have the serenity to accept that.

Fair enough. If he considered that a victory, then good for him.