| ▲ | bikeshaving 6 days ago |
| The maintainer who this piece of “cursed knowledge” is referencing is a member of TC39, and has fought and died on many hills in many popular JavaScript projects, consistently providing some of the worst takes on JavaScript and software development imaginable. For this specific polyfill controversy, some people alleged a pecuniary motivation, I think maybe related to GitHub sponsors or Tidelift, but I never verified that claim, and given how little these sources pay I’m more inclined to believe he just really believes in backwards compatibility. I dare not speak his name, lest I incur the wrath of various influential JavaScript figures who are friends with him, and possibly keep him around like that guy who was trained wrong as a joke in Kung Pow: Enter the Fist. In 2025, I’ve moderated my opinion of him; he does do important maintenance work, and it’s nice to have someone who seems to be consistently wrong in the community, I guess. |
|
| ▲ | karel-3d 6 days ago | parent | next [-] |
| to save everyone else a search, it's probably ljharb. (I am not a member of JS community, so, come and attack me.) |
| |
| ▲ | Sammi 6 days ago | parent | next [-] | | Saga starts here: https://x.com/BenjaminMcCann/status/1804295731626545547?lang... https://github.com/A11yance/axobject-query/pull/354 Specifically Ben McCann along with other Svelte devs got tired of him polluting their dependency trees with massive amount of code and packages and called him out on it. He doubled down and it blew up and everyone started migrating away from his packages. ljharb also does a lot of work on js standards and is the guy you can thank for globalThis. Guy has terrible taste and insists everyone else should abide by it. | | | |
| ▲ | sunaookami 6 days ago | parent | prev [-] | | Wow that's some deep rabbit hole. This guy gets paid per XY npm downloads and games the system through this. Awful. | | |
| ▲ | karel-3d 6 days ago | parent | next [-] | | There is apparently a tool, that you can upload your package.json and it will show you how much dependencies are controlled by ljharb https://voldephobia.rschristian.dev/ | | |
| ▲ | rschristian 2 days ago | parent | next [-] | | Ha, was wondering why I started getting a few more stars all of a sudden. For extra context: I created the tool ~9 months prior to the meltdown as one could vaguely mention an individual trolling over NPM deps and absolutely everyone in the ecosystem with a bit of experience would know who was being referred to, aka, "You Know Who". And, if you dared mention him by name, he'd eventually show up reciting his download counts in endless "appeal to authority"-style arguments, trying to brow-beat people into accepting that he knows more or whatever, ergo, "He Who Must Not Be Named" (at least, if you didn't want him being annoying in your mentions). There's a number of "-phobia" apps in the ecosystem and given the negative impact he has on dependency trees, it felt fitting to offer a similar, somewhat satirical, app to detect how much of your dependency tree he controlled. | |
| ▲ | dvfjsdhgfv 6 days ago | parent | prev | next [-] | | It looks like if I wanted to install a particular piece of software on many modern websites and I didn't have enough resources to hack node itself, talking to this guy would be a logical choice. | | |
| ▲ | karel-3d 5 days ago | parent [-] | | Eh, as much as I think this guy has very weird opinions; if he wanted to cause harm, he would do it many years ago. When I started looking him up, he DOES do a lot of good work in the ecosystem. Which makes this more complex issue. But, also, he does this "backwards compatibility forever" insanity. I think it's his crusade. |
| |
| ▲ | goriv 5 days ago | parent | prev [-] | | Damn, I just checked a random express project I built and there are a lot of things underlined in red there. I think the most amazing one is https://www.npmjs.com/package/is-number-object, which has a stupidly large dependency tree. |
| |
| ▲ | 6 days ago | parent | prev [-] | | [deleted] |
|
|
|
| ▲ | titanomachy 6 days ago | parent | prev | next [-] |
| This is Wimp Lo! We trained him wrong on purpose, as a joke. Long time since I thought of that movie. |
| |
|
| ▲ | jddj 6 days ago | parent | prev | next [-] |
| Looking forward to this Jia Tan sequel in a few years' time. |
|
| ▲ | Havoc 6 days ago | parent | prev [-] |
| Forgive my ignorance of js matters but how does adding packages improve backward compatibility at all? |
| |
| ▲ | motorest 6 days ago | parent [-] | | > Forgive my ignorance of js matters but how does adding packages improve backward compatibility at all? The scheme is based on providing polyfills for deprecated browsers or JavaScript runtimes. Here is the recipe. - check what feature is introduced by new releases of a browser/JavaScript runtime, - put together a polyfill that implements said feature, - search for projects that use the newly introduced feature, - post a PR to get the project to consume your polyfill package, - resort to bad faith arguments to pressure projects to accept your PR arguing nonsense such as "your project must support IE6/nodejs4". Some projects accept this poisoned pill, and whoever is behind these polyfill packages further uses their popularity in bad faith arguments ("everyone does it and it's a very popular package but you are a bad developer for not using my package") I had the displeasure of stumbling upon PRs where tis character tries to argue that LTS status does not matter at all I'm determining whether a version of node.js should be maintained, and the fact that said old version of node.js suffers from a known security issue is irrelevant because he asserts it's not a real security issue. | | |
|
