• floofloof · 106 upvotes · 1 month ago

    It looks like “is-number” was never more than a few simple lines of code. It still has 68 million downloads per week.

    https://www.npmjs.com/package/is-number

    I checked one of our main projects at work, and it’s in there as a dependency 6 levels deep via the “sass” package.

    • sushibowl@feddit.nl · 50 upvotes · 1 month ago

      is-number is a project by Jon Schlinkert. Jon has a background in sales and marketing before he became an open source programmer and started creating these types of single function packages. So far he has about 1400 projects. Not all of them are this small, though many are.

      He builds a lot of very basic functionality packages. Get the first n values from an array. Sort an array. Set a non-enumerable property on an object. Split a string. Get the length of the longest item in an array. Check if a path ends with some string. It goes on and on.

      If you browse through, it’s not uncommon to find packages that do nothing but call another package of his. For example, is-valid-path provides a function to check if a Windows path contains any invalid characters. The only thing it does is import and call another package, is-invalid-path, and invert its output.

      He has a package called alphabet that only exports an array with all the letters of the alphabet. There’s a package that provides a list of phrases that could mean “yes.” He has a package (ansi-wrap) to wrap text in ANSI color escape codes, then he has separate packages to wrap text in every color name (ansi-red, ansi-cyan, etc).

      To me, 1400 projects is just an insane number, and it’s only possible because they are all so trivial. To me, it very much looks like the work of someone who cares a lot about pumping up his numbers and looking impressive. However, the JavaScript world also extolled the virtues of these types of micro packages at some point, so what do I know.

      • NotNotMike@programming.dev · 17 upvotes · 1 month ago

        Wow you’re right, he’s the author of the infamous “is-odd” and “is-even” packages. What an odd person.

        Someone in the OP PR mentioned the amount of energy used to download these tiny packages, and it’s actually something crazy to think about.

        • floofloof · 8 upvotes · 1 month ago

          It makes you wonder why anyone uses them though, since so many of them do things that are trivial in modern JavaScript.

          • nickwitha_k (he/him)@lemmy.sdf.org · 6 upvotes · 1 month ago

            And anyone who has been around for a while should remember when left-pad broke Node.js. Including unnecessary dependencies instead of writing trivial code is just bad practice.

      • nickwitha_k (he/him)@lemmy.sdf.org · 3 upvotes · 1 month ago

        To me, 1400 projects is just an insane number, and it’s only possible because they are all so trivial.

        Holy shit. I’m going to have to go through my team’s dependencies. I don’t feel confident that someone “maintaining” that many projects is going to be able to keep all bad actors at bay. Not to mention, none of the examples of his libraries that I’ve seen SHOULD be libraries.
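
Added example, not part of the thread or of any project mentioned in it: one way to run the check described above, finding how deep a package such as is-number sits in a project by walking the `packages` map of an npm lockfile (lockfileVersion 2 or 3). The names `resolveDep`, `findChain` and `sampleLock` are hypothetical, and the sample lockfile, including its version numbers, is constructed for illustration.

```javascript
// Resolve `name` as required from the package installed at `fromPath`,
// walking up nested node_modules directories the way Node does.
function resolveDep(packages, fromPath, name) {
  let dir = fromPath;
  for (;;) {
    const candidate = (dir ? dir + '/' : '') + 'node_modules/' + name;
    if (packages[candidate]) return candidate;
    if (dir === '') return null; // not installed, e.g. a skipped optional dep
    const cut = dir.lastIndexOf('/node_modules/');
    dir = cut === -1 ? '' : dir.slice(0, cut);
  }
}

// Breadth-first search from the root project, so the first hit is the
// shortest chain. Returns ['root', 'a@1.0.0', ..., 'target@x.y.z'] or null.
function findChain(lock, target) {
  const packages = lock.packages || {};
  const queue = [['', [lock.name || '(root)']]];
  const seen = new Set(['']);
  while (queue.length) {
    const [path, chain] = queue.shift();
    const entry = packages[path] || {};
    // devDependencies are only installed for the root project.
    const deps = Object.assign({}, entry.dependencies, entry.optionalDependencies,
      path === '' ? entry.devDependencies : null);
    for (const name of Object.keys(deps)) {
      const resolved = resolveDep(packages, path, name);
      if (!resolved || seen.has(resolved)) continue;
      const next = chain.concat(name + '@' + packages[resolved].version);
      if (name === target) return next;
      seen.add(resolved);
      queue.push([resolved, next]);
    }
  }
  return null;
}

// Constructed sample lockfile; for a real project use
// JSON.parse(require('fs').readFileSync('package-lock.json', 'utf8')).
const sampleLock = { name: 'example-app', lockfileVersion: 3, packages: {
  '': { name: 'example-app', dependencies: { sass: '^1.0.0' } },
  'node_modules/sass': { version: '1.0.0', dependencies: { chokidar: '^3.0.0' } },
  'node_modules/chokidar': { version: '3.0.0', dependencies: { braces: '^3.0.0' } },
  'node_modules/braces': { version: '3.0.0', dependencies: { 'fill-range': '^7.0.0' } },
  'node_modules/fill-range': { version: '7.0.0', dependencies: { 'to-regex-range': '^5.0.0' } },
  'node_modules/fill-range/node_modules/to-regex-range': { version: '5.0.0', dependencies: { 'is-number': '^7.0.0' } },
  'node_modules/is-number': { version: '7.0.0' },
} };
console.log(findChain(sampleLock, 'is-number').join(' > '));
```

On a real project, `npm ls is-number` and `npm explain is-number` report the same information from the installed tree.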