> So what happens when one of your dependencies no longer exists on the Internet for one reason or another?
For this to be a problem would require it to disappear from both npm and GitHub simultaneously, and for none of our devs to still have it on their local machine so we can reupload it under a different name.
Like, I didn’t think about that until you wrote it, but coming up with an answer isn’t exactly hard.
I’d rather worry about things that are more likely to happen, like someone accidentally dropping the prod database tomorrow.
And with Docker containers? And proprietary binaries? My point being, as you've proven in your reply, that most developers are going to only think of the most obvious cases.
And when you're a prolific writer and you've experienced more than just npm and GitHub, you're going to run across a scenario that makes you start thinking about how your practices in one ecosystem don't apply everywhere.
I own intellectual property composed of dependencies that can't be obtained anymore. Or two people in the world are the only individuals who are known to still have the dependency, but neither of them will supply it.
What's your plan for depending on a SaaS that goes out of business? Is everyone experiencing that on a regular basis? No, they aren't. But then you do. Once. And it changes how you do everything later, because you no longer have the privilege of not thinking about it.
> My point being, as you've proven in your reply, that most developers are going to only think of the most obvious cases.
I don’t think you can draw that conclusion from the fact that the comment didn’t contain all the information you expected.
I don’t think it’s reasonable to expect people to think of and mitigate every potential problem that can occur. You focus only on those that are both likely, and will have a big impact.
Will people that have experienced a vanishingly unlikely problem try to mitigate that from ever happening again? Sure. But I’m not sure if it’s actually rational to do so, when they have bigger and more likely problems to worry about.
> So what happens when one of your dependencies no longer exists on the Internet for one reason or another?
Can I rephrase it to something more realistic?
"So, what happens when one of your dependencies is no longer maintained, for one reason or another?"
or
"So, what happens when one of your dependencies conflicts with a newer version of another one of your dependencies, which you are keen to update for one reason or another?"
I’m by no means in the web-development-sucks-lets-kill-the-build camp; I think modern web frameworks and tooling can be incredibly useful, particularly at scale (people, codebase, features), but JS dependency management is pretty nightmarish rn.