ec changed the topic of #elliottcable to: a 𝕯𝖊𝖓 𝖔𝖋 𝕯𝖊𝖙𝖊𝖗𝖒𝖎𝖓𝖊𝖉 𝕯𝖆𝖒𝖘𝖊𝖑𝖘 slash s͔̞u͕͙p͙͓e̜̺r̼̦i̼̜o̖̬r̙̙ c̝͉ụ̧͘ḷ̡͙ţ͓̀ || #ELLIOTTCABLE is not about ELLIOTTCABLE
<purr\GH>
merlin/denite ba751c9 ELLIOTTCABLE: + adding types to Denite listing of locate
<purr\GH>
merlin/denite a7169cb ELLIOTTCABLE: + trying to add a default Denite-action - currently broken
kaftoot has quit [Ping timeout: 252 seconds]
mylesborins has quit [Quit: farewell for now]
mylesborins has joined #elliottcable
<jfhbrook>
ec: neat--speaking of weird functional langs I've been trying to learn scala off and on lately, off the rails a little the last month due to depressive symptoms but hey
<yorick>
I don't really think javascript tooling is any good
<yorick>
incremental builds are terrible and have you even experienced webpack and that's supposedly the best
<yorick>
npm was broken *again* last week
<joepie91>
yorick: depends on your metric of good
<joepie91>
from a technical/architectural perspective it's generally a complete clusterfuck
<joepie91>
from a usability / feature set perspective it often scores much better than tooling for other languages
<jfhbrook>
if you're referencing the deleted packages, that was operator error, not anything with the code itself
<jfhbrook>
(beyond not supporting a more reasonable course of action given what the operator thought they had to accomplish)
<jfhbrook>
I agree that webpack is heinously complicated
<jfhbrook>
though most build systems suck
<jfhbrook>
haven't seen one that's any good yet and I've looked at a few
<jfhbrook>
there's some new zero config ones in javascript, like bankai, that might be interesting
<yorick>
I like makefiles
<yorick>
jfhbrook: it should've been impossible for other people to register the packages instantly, that's the main thing
<jfhbrook>
no I agree
<jfhbrook>
but you understand what they did right?
<jfhbrook>
they rm -rf'd the user and all their packages
<jfhbrook>
they haven't built the concept of locking a user or packages like that
<yorick>
iirc they claimed "automated spam-filter"
<jfhbrook>
that *flagged* it
<jfhbrook>
a real person pressed the red button
<yorick>
their post on it should've mentioned that they're at least making this
<joepie91>
jfhbrook: well, the npm incident was just a registry problem, and it was definitely a security failure on npm's end
<joepie91>
as in, this should never ever have been possible even with that bug
<joepie91>
but they know that afaik
<joepie91>
I just hope that for once they will start building checks for these things proactively instead of waiting for it to break / somebody to tell them and then building it reactively...
<joepie91>
(the issue would have been totally preventable, had they built the right proactive checks beforehand)
<joepie91>
example: a separately replicated list of 'used' package names that is consulted separately from the main database
<joepie91>
append-only list, specifically
kaftoot has joined #elliottcable
kaftoot has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
kaftoot has joined #elliottcable
kaftoot has quit [Client Quit]
kaftoot has joined #elliottcable
kaftoot has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<ljharb>
yorick: "incremental builds" is one super tiny facet of javascript tooling tho
<yorick>
ljharb: so the package management is terrible, the linting is meh, the build systems are terrible
<ljharb>
the package management isn't terrible
<ljharb>
npm is one of the top 3 package managers on the planet
<ljharb>
also i'm not sure what you mean about linting
<ljharb>
(i mean, everything's terrible always and has room to improve, but i assume we're talking relative to other languages)
<ljharb>
the only thing i'm aware of that's almost as good for linting an equally dynamic language is rubocop for ruby
fujisan has joined #elliottcable
<jfhbrook>
I agree, for all npm's warts I'd say it's better than a lot of them
* joepie91
also agrees
<jfhbrook>
minus the lockfile kerfuffle
<jfhbrook>
but even that is whatever
<jfhbrook>
it's certainly better than, say, pip, and I assume better than bundler
<jfhbrook>
maven/ivy work ok but sonatype is like, lolwat this piece of shit runs open source jvm libs?
<jfhbrook>
cabal for instance is notoriously bad, php has 2 package managers one of which is an npm rip-off (thank god, it's not actually that bad)
<jfhbrook>
idk what the other 2 package mangers ljharb had in mind, but I'd put npm up there
<jfhbrook>
oh, you should also roll not just package managers here, but packages in general--node's json manifests are really good because they're json; virtually nobody gets this right
<joepie91>
jfhbrook: cargo is pretty good also
<jfhbrook>
most package formats use code to specify the metafiles entry point, for instance setup.py
<joepie91>
definitely belongs in the top 3
<joepie91>
and yes, I never understood that
<joepie91>
how is that not really obviously a bad idea
<jfhbrook>
well like, there are some cool consequences of it, but most of those use cases are handled pretty well by run-scripts
<jfhbrook>
or hooks you run before publishing
<jfhbrook>
(I don't remember if pre-publish hooks were ever fixed)
<joepie91>
shrug, have not yet run into a case that can't be solved better otherwise
<joepie91>
:p
<jfhbrook>
I've seen some interesting setup.py hacks
<jfhbrook>
for instance mine sets the long_description field to the contents of the readme, which is what's used to populate pypi.org's info, amongst other things
<joepie91>
I've had to disassemble some, and I've always come to the conclusion that "this really should have been solved differently, if only pip supported doing so"
<joepie91>
lol
<jfhbrook>
I've also seen people pull in pip internals (though they broke API to make this harder because they're fucking morons) to parse requirements.txt files for fake versioned package lists
<jfhbrook>
as may be known, requirements.txt is actually a lockfile format
<jfhbrook>
a really bad lockfile format since it allows ranges and missing specified deps, but nonetheless it's better designed for a pip freeze > requirements.txt than anything else
<jfhbrook>
pip is so bad they just made a wrapper for it
<jfhbrook>
imo the wrapper has bad opinions vis a vis lockfiles
<jfhbrook>
but hey
<jfhbrook>
oh, they invented a new lockfile format, because of course they did
<jfhbrook>
course I use anaconda at work -_-
<jfhbrook>
I don't hate anaconda as much as a lot of people, but it's like, oh the python package management and environment management are so shitty we're going to write our own solution
<jfhbrook>
and that solution is at least equally shitty, but in slightly different ways
<jfhbrook>
I could go on
<jfhbrook>
you wanna bitch about a tooling ecosystem, look to python
<jfhbrook>
oh! and get this
<jfhbrook>
flake8 wraps 3 different linters because they all do different things
<jfhbrook>
multi-env testing systems are extremely brittle, like tox is a cool idea but it breaks in a ton of scenarios
<jfhbrook>
aaaaand
<jfhbrook>
static analysis is like, it's kind of a thing, but it's not all that good either
<jfhbrook>
despite being worked on by python core
<joepie91>
jfhbrook: tooling is one of the main reasons I left Python, so :P
* ec
laughs
<ec>
yes all of the above
<ec>
also hi meowrobot et all, sorry for the spam
<meowrobot>
tis okay
muelleme_ has joined #elliottcable
fujisan has quit [Quit: Connection closed for inactivity]