Another one-line npm package breaks the JavaScript ecosystem

javascript.png

An update to a tiny JavaScript library has thrown a large part of the JavaScript ecosystem into chaos on Saturday, with millions of projects believed to have been impacted.

Making the entire situation ridiculously absurd is that the whole mess was caused by a “one-liner” JavaScript library, marking this the second time when a tiny JavaScript project has caused widespread issues.

The is-promise one-liner

The package at the heart of this weekend’s problems is named is-promise. The library consists of two lines of raw source code, and developers can use it in their projects via a one-liner call.

Its purpose is to let developers test if a JavaScript object is a “Promise,” with the function returning a boolean result of yes or no when used in production.

Coinbase 2

Despite being just two lines of code that perform a basic check, the is-promise library is one of today’s most popular JavaScript npm packages (libraries). According to GitHub, the library is part of more than 3.4 million projects and used as a dependency by 766 other JavaScript libraries.

Over the weekend, the is-promised library was updated to receive support to work as an ES module — the standardized module system used by the JavaScript language.

However, the is-promise v.2.2.0 release didn’t adhere to the proper ES module standards. As soon as the update was out, projects that used is-promise inside their build chain started failing due to the improper ES module support [1, 2, 3, 4, 5, 6, 7, 8, 9, 10].

The effect of the error was felt immediately, and impacted from closed-source JavaScript codebases to some of the JavaScript ecosystem’s biggest projects.

This included Facebook’s Create React App (the standard template for creating React apps), Google’s Angular.js framework, Google’s Firebasse-tools, Amazon’s AWS Serverless CLI, Nuxt.js, AVA, and more.

The bug didn’t crash existing projects, so there was no actual downtime, but it did prevent developers from compiling new versions of their projects.

The is-promise team released an update but did not manage to fix the issue, and eventually rolled back the ES module support in v2.2.2, released a few hours after the dominos started falling around it.

Happened before in 2016

This incident marks the second time that a tiny JavaScript library caused problems all over the JavaScript ecosystem. Something similar happened in March 2016, when the author of the left-pad JavaScript library (another project amounting to 17 lines of code) decided to unpublish the library out of the blue, breaking thousands of projects in a similar way.

As it did in 2016, the is-promise incident raised questions and started discussions on the need to have one-liner libraries available in the ecosystem.

The same arguments are being raised again, as have been raised in 2016, and in years before, in the ecosystems of other programming languages.

There’s the side who says that modularization is going too far when developers are creating libraries that only account for a few lines of code, for the most trivial of operations.

Then there’s the side which argues that modularization of such items is needed, as in this manner, “Task A” could be managed inside one module, rather than have thousands of developers deal with it in their own projects in different ways.

Discussions about modularization have been raging for years and they’re most likely not going to reach a conclusion anytime soon.

Open Source

Another one-line npm package breaks the JavaScript ecosystem 1
blank
About the author

E-Crypto News was developed to assist all cryptocurrency investors in developing profitable cryptocurrency portfolios through the provision of timely and much-needed information. Investments in cryptocurrency require a level of detail, sensitivity, and accuracy that isn’t required in any other market and as such, we’ve developed our databases to help fill in information gaps.

Related Posts

blank

E-Crypto News Executive Interviews


blank

bitcoin
Bitcoin (BTC) $ 33,867.00
ethereum
Ethereum (ETH) $ 2,162.01
tether
Tether (USDT) $ 1.00
binance-coin
Binance Coin (BNB) $ 302.94
cardano
Cardano (ADA) $ 1.21
xrp
XRP (XRP) $ 0.609035
usd-coin
USD Coin (USDC) $ 1.00
dogecoin
Dogecoin (DOGE) $ 0.195029
polkadot
Polkadot (DOT) $ 13.57
binance-usd
Binance USD (BUSD) $ 0.999557
USD
EUR
GBP
bitcoinBitcoin (BTC)
$ 33,867.00
ethereumEthereum (ETH)
$ 2,162.01
tetherTether (USDT)
$ 1.00
bitcoin-cashBitcoin Cash (BCH)
$ 457.40
litecoinLitecoin (LTC)
$ 125.61
bitcoinBitcoin (BTC)
28.688,23
ethereumEthereum (ETH)
1.831,41
tetherTether (USDT)
0,847085
bitcoin-cashBitcoin Cash (BCH)
387,46
litecoinLitecoin (LTC)
106,40
bitcoinBitcoin (BTC)
24,602.17
ethereumEthereum (ETH)
1,570.56
tetherTether (USDT)
0.726435
bitcoin-cashBitcoin Cash (BCH)
332.27
litecoinLitecoin (LTC)
91.25

Automated trading with HaasBot Crypto Trading Bots

Crypto Scams

Cryptocurrency Exchanges
Cryptocurrency Exchanges and the Plague of Scams and Bans
June 29, 2021
blank
What Role Do Cryptocurrencies Play In The Era Of Ransomware Attacks?
June 9, 2021
Crypto Scams On The Rise As Market Enters Bull Cycle
Crypto Scams On The Rise As Market Enters Bull Cycle
December 22, 2020
Harpreet Singh Sahni perpetrated the Plus Gold Union Coin (PGUC) scam
Sydney Concert Promoter Harpreet Sahni Involved In $50M Crypto PGUC Scam
November 2, 2020
KuCoin hackers steal $150 million
KuCoin Exchange Hacked But Insurance Will Cover The Stolen $150M
September 29, 2020

Blockchain/Cryptocurrency Questions and Answers

Short-Sell Cryptocurrency
How to Short-Sell Cryptocurrency: A Brief Overview
July 17, 2021
Klaytn
What Is Klaytn (KLAY) And How Does It Work?
July 16, 2021
Cryptocurrencies
Our Crypto Roundup Interview Asks- Do Cryptocurrencies Have a Future?
July 15, 2021
Solana
What Is Solana (SOL) And How Does It Work?
June 26, 2021
blank
What Is Plethori Platform And How Does It Work?
June 12, 2021


CryptoCurrencyUSDChange 1hChange 24hChange 7d
Bitcoin33,826 0.15 % 3.78 % 7.73 %
Ethereum2,156.1 0.22 % 3.78 % 15.04 %
Tether1.000 0.12 % 0.18 % 0.14 %
Binance Coin302.79 0.47 % 4.08 % 0.13 %
Cardano1.210 0.27 % 2.19 % 3.35 %
XRP0.6071 0.37 % 1.54 % 2.66 %
USD Coin0.9997 0.22 % 0.21 % 0.09 %
Dogecoin0.1949 0.04 % 1.09 % 11.48 %
Polkadot13.57 0.92 % 4.82 % 12.93 %
Binance USD0.9993 0.25 % 0.46 % 0.53 %

bitcoin
Bitcoin (BTC) $ 34,647.00
ethereum
Ethereum (ETH) $ 2,165.11
tether
Tether (USDT) $ 1.00
binance-coin
Binance Coin (BNB) $ 299.81
cardano
Cardano (ADA) $ 1.22
xrp
XRP (XRP) $ 0.603589
usd-coin
USD Coin (USDC) $ 1.00
dogecoin
Dogecoin (DOGE) $ 0.198588
polkadot
Polkadot (DOT) $ 13.53
binance-usd
Binance USD (BUSD) $ 1.00