I'm running into this problem more and more. It seems like Node is fundamentally unusable for anything but the nimblest teams that do not mind updating their dependencies automatically, every week, and when something breaks, they are capable of fixing it within hours.
I really like Node as a language (especially with TS), but Node as an ecosystem feels like a very hard fit into 90%+ of corporations.
I think the culture of Node comes from the earlier culture of in-browser JavaScript. When running on the browser platform you have to make sure your libraries are up to date and maintained, otherwise you're at the mercy of browser updates breaking things from under your feet (this is less bad now, but it was awful in the days of IE<9, and on Android before they started shipping auto-updating Chrome webview).
Consequently, JavaScript developers got used to the burden of maintenance and rapidly updating to the latest versions of libraries, and this culture carried through to Node (partly because a lot of libraries are shared between Node and the web).
Having said that, if you pick your libraries well, it's not too bad these days. When I upgraded from Node 12 to Node 14 earlier this year, I had to upgrade the `pg` package to a newer version that supported Node 14 (there was one available), but I didn't have to make any code changes. And other than that I've had no forced version upgrades in a long time.
I guess if you're looking at 5-10 year timescales with literally no maintenance then this would be a different matter though.
I strongly feel that you must have end-to-end tests while using Node because of the dependency hell. Not even knowing if an upgrade of a dependency breaks your system is just hard. Also testing it by hand is just not maintainable.
There are massive differences in how much of a problem this is across different platforms.
With Clojure, I can think of 2 times ever when a dependency caused an issue. It was extremely obvious since the issue was "won't compile", and the fixes were simple.
With PHP, I expect any change to potentially break something. Bump your AWS SDK which uses a different minor version of guzzle? Fatal error.
There's a world of difference between breakage being an everyday thing and a true rarity.