It seems like create-react-app broke because of an error in one of its npm dependencies. The dependency itself is just one line of code: it checks whether a certain object is promise-like (that is, an object with a then method).
https://github.com/then/is-promise/issues/13#issuecomment-619402307
The issue seems to have been resolved, as I can create a new React app using create-react-app.
This situation reminds me, and apparently many others, of the time when one package was unpublished from npm and caused many projects to fail.
The package in question here is is-promise, and it has this code:
function isPromise(obj) {
  return !!obj && (typeof obj === 'object' || typeof obj === 'function') && typeof obj.then === 'function';
}
So what are your thoughts on it? Should such trivial functions be inlined? Or are there better alternatives?
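The comments below raise the question of whether a dependent should automatically accept a minor bump such as is-promise going from 2.1 to 2.2. As an added example (not code from the post, from create-react-app or from is-promise), the following sketch checks whether a version spec admits a given release and lists the dependencies in a manifest that are not pinned exactly. It implements only a simplified subset of npm's semver range rules (exact, ^ and ~ on full x.y.z versions); the manifest, the package names other than is-promise, and the patch-level version numbers are constructed for illustration.

```javascript
// Added example: simplified subset of npm's semver range rules
// (exact pins, ^ and ~ on full x.y.z versions only).
const parse = (v) => {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  return m ? m.slice(1).map(Number) : null;
};

const cmp = (a, b) => {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
};

// Exclusive upper bound of a range, or null when the spec is an exact pin.
function upperBound(op, [maj, min, pat]) {
  if (op === '~') return [maj, min + 1, 0];
  if (op === '^') {
    if (maj > 0) return [maj + 1, 0, 0];
    if (min > 0) return [0, min + 1, 0];
    return [0, 0, pat + 1];
  }
  return null;
}

// Does the range `spec` admit `version`?
function accepts(spec, version) {
  const m = /^([\^~]?)(.+)$/.exec(spec);
  const base = parse(m[2]), v = parse(version);
  if (!base || !v) throw new Error(`unsupported spec or version: ${spec} / ${version}`);
  const hi = upperBound(m[1], base);
  return hi ? cmp(v, base) >= 0 && cmp(v, hi) < 0 : cmp(v, base) === 0;
}

// List dependencies whose spec is not an exact x.y.z pin.
function floatingDeps(pkg) {
  return Object.entries({ ...pkg.dependencies, ...pkg.devDependencies })
    .filter(([, spec]) => parse(spec) === null)
    .map(([name, spec]) => ({ name, spec }));
}

// Constructed manifest; not create-react-app's real dependency tree.
const samplePkg = {
  dependencies: { 'is-promise': '^2.1.0', 'example-lib': '1.3.0' },
  devDependencies: { 'example-tool': '~0.4.2' },
};

console.log(floatingDeps(samplePkg));
console.log(accepts('^2.1.0', '2.2.0'), accepts('2.1.0', '2.2.0'));
```

A caret range on 2.1.0 admits 2.2.0, while an exact pin or a tilde range does not, so an audit like this shows which entries can change underneath a fresh install.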
Top comments (6)
I'll admit I don't know that much about npm and dependency management (so take what I say with a grain of salt), but should packages like create-react-app be more wary of accepting minor version bumps of dependencies? In this case is-promise went from v2.1 to 2.2 and then caused this issue; should create-react-app (or whatever dependency it relied on that in turn relied on is-promise) have not automatically accepted this version bump?
I know it's not directly create-react-app's fault, but I wonder what we can do about it from the perspective of the packages that use these dependencies. What's stopping someone from putting dodgy code in their widely-used package and doing a minor version bump?
I think we should be explicit about the version that we depend upon and change the dependency version only when we are sure that we want to upgrade and that our code does not break. I know this means more work to do and keep track of, but maybe it is the price we have to pay for stability, and especially in case of popular packages like create-react-app.
My thought is that it just shows that the whole JS framework bandwagon is a prime example of horrible decisions escalating in the wrong direction. Simple. It is also an example of what will KEEP happening, until better engineering decisions start to be made and people start owning their choices and code responsibly. It is pure garbage and negligence.
It's the typical example: if a doctor would try to treat you without any safety measures, if you noticed he was nervous, sloppy, if his office was full of garbage, probably you'll walk away.... In Computer science we do the opposite.
Not sure if that is true. That is why we have TypeScript
I just randomly opened this DEV article on React. And saw my fellow countrymen from Birtamode. Just wanna wish Good Luck with your company at Birtamode. :)
Thanks, man. It's always nice to hear from someone from my own country. That is why I have been recommending dev.to to all of my colleagues; being a part of a community like this is very rewarding.
Wish you good luck with your endeavors too.