DEV Community

aayush

Why JS Ecosystem is a MESS?

Every month, GitHub dependabot notifications force you to upgrade some dependency or another, so what could possibly go wrong? At least, that's what I thought.

After the upgrade, the project refused to build with the error:
Syntax Error: TypeError: eslint.CLIEngine is not a constructor.

Really? A syntax error in a tiny project that was building just fine before the upgrade, and that too, not in the little code I wrote, but in the tooling?

I don't recall any language's environment being "modernized" in this way, becoming so absurdly intricate that one would mistake it for a joke. Naturally, the symptoms were visible with the leftpad.

With each upgrade, I'm sick of seeing breaking changes in WIP projects.

Is this something I'm experiencing alone?

What are your thoughts on the matter?
I'd be delighted to hear it.

Please share your views on this.

Top comments (10)

Andrew Baisden

Pretty sure this is common across all programming languages. Anytime there are changes or updates to the language, bugs and issues sometimes appear. But these get fixed over time.

Dependabot is just doing its job.

Dependabot helps you keep your dependencies up to date. Every day, it checks your dependency files for outdated requirements and opens individual PRs for any it finds. You review, merge, and get to work on the latest, most secure releases. Dependabot is a tool in the Dependency Monitoring category of a tech stack.

stackshare.io/dependabot

aayush

It hurts when something breaks for no reason.

naveennamani

Too many dependencies make this even worse. You install one package which has more than 100 dependencies, and those dependencies again have more dependencies, and so on. When the depth and breadth of this dependency tree gets minimal, this kind of breaking change has less effect because you have fewer packages to worry about.

But honestly, once I start a project, I never upgrade or update any packages unless they have bugs which break my progress. Even for updating, I create a new Gitpod instance and manually update all major dependencies one by one to detect the spoiler early on.

aayush

I guess Ryan was so right when he said NPM was a mistake. I am glad he came up with Deno.

Ivan Jeremic

This is not a JS issue; that is normal in all languages. Upgrade, test, if it fails help fix it until it works, then upgrade again and merge.

aayush

Not at all. Things are much better in the worlds of Go and Deno.

Ivan Jeremic

Not at all, you are just repeating stuff you read. Why do you think so many people are now recreating the package.json as deps.ts? Also, there is still no solution to someone changing the code of the same version without you even noticing.

naveennamani

"also there is still no solution to someone changing the code of the same version without you even noticing."

That's an interesting problem

tzwel

just don't upgrade when you don't have to

aayush

It is not always possible. 🤗