A small library is throwing the JavaScript ecosystem into chaos

Do you remember Leftpad in 2016, when a developer simply decided to unpublish the package and wreaked havoc on millions of other projects? Something similar happened over the weekend.

An update to a tiny JS library on Saturday threw a large part of the JavaScript ecosystem into chaos, affecting several million projects. The absurd thing about the story: the chaos was caused by a two-line JavaScript library. The whole situation is strongly reminiscent of the infamous Leftpad case in 2016, when the unpublishing of the package caused far-reaching problems. The culprit this time is a two-liner called is-promise, a package that can be used in production to check whether a JS object is a so-called promise. Depending on the case, developers get back true or false. Although is-promise consists of only two lines of code and returns only a single boolean, the library is one of the most widely used npm packages. is-promise is found in 3.4 million projects and is used as a dependency in 766 other JS libraries.

The is-promise library received an update at the weekend that was meant to make it conform to the ES module standard. Apparently something went wrong: after the update was released, projects using is-promise in their build chain crashed. The ES module support had evidently been implemented incorrectly in the update. The impact was immediate: both smaller, private projects and some of the largest projects within the JS ecosystem were affected, including Angular, Nuxt.js, create-react-app, AVA and Google’s Firebase tools.
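To check whether a project's build chain reaches a small transitive package such as is-promise, the lockfile can be walked from the project root. The following Node.js script is an added example, not code from the original article or from the is-promise project; it assumes npm's package-lock.json v2/v3 layout, and the lockfile contents, versions and every package name other than is-promise are constructed.

```javascript
// Constructed lockfile in the package-lock.json v2/v3 layout ("packages" keyed by
// install path). All versions and all names except is-promise are made up.
const sampleLock = { packages: {
  "": { dependencies: { "build-cli": "^2.0.0", "tiny-util": "^1.0.0" } },
  "node_modules/build-cli": { version: "2.1.0", dependencies: { "prompt-kit": "^3.0.0" } },
  "node_modules/prompt-kit": { version: "3.2.0", dependencies: { "is-promise": "^1.0.0" } },
  "node_modules/is-promise": { version: "1.0.0" },
  "node_modules/tiny-util": { version: "1.0.4" },
} };

// Resolve a dependency name the way Node does: nearest node_modules first, then outward.
function resolve(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!base) return null; // not installed (e.g. a skipped optional dependency)
    const cut = base.lastIndexOf("/node_modules/");
    base = cut === -1 ? "" : base.slice(0, cut);
  }
}

// For each direct dependency of the root, return the shortest chain that reaches `target`.
function chainsTo(lock, target) {
  const packages = lock.packages || {};
  const nameOf = (path) => path.split("node_modules/").pop();
  const label = (path) => `${nameOf(path)}@${packages[path].version}`;
  const depsOf = (path) => {
    const e = packages[path] || {}; // devDependencies only matter at the root
    return Object.keys({ ...e.dependencies, ...e.optionalDependencies,
                         ...(path === "" ? e.devDependencies : {}) });
  };
  const result = {};
  for (const direct of depsOf("")) {
    const start = resolve(packages, "", direct);
    const queue = start ? [[start]] : [];
    const seen = new Set([start]);
    while (queue.length) { // breadth-first, so the first hit is the shortest chain
      const trail = queue.shift();
      const here = trail[trail.length - 1];
      if (nameOf(here) === target) { result[direct] = trail.map(label); break; }
      for (const name of depsOf(here)) {
        const next = resolve(packages, here, name);
        if (next && !seen.has(next)) { seen.add(next); queue.push([...trail, next]); }
      }
    }
  }
  return result;
}
console.log(chainsTo(sampleLock, "is-promise"));
```

On a real project, pass the parsed contents of package-lock.json instead of `sampleLock`; the keys of the result are the direct dependencies through which the package enters the build.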

Cannot compile new versions

Fortunately, the bug didn’t crash any existing projects, so there was no actual downtime. But it prevented new versions from being compiled. Just hours later, the library team rolled out an update in which they failed to fix the problems. Finally, they decided to withdraw the ES module support for the time being.

As in 2016, when Leftpad was the first tiny library to cause very similar chaos in the JavaScript ecosystem, this incident also sparked discussion about the modularization of code within the JS ecosystem. One side is of the opinion that modularization is simply taken too far in the case of such tiny libraries that are used for such trivial tasks. Code that you have written yourself is at least under your own control.

The other side argues that precisely this modularization is valuable because it allows a task to be solved efficiently with the help of a module, instead of forcing each developer to find their own solution for their respective projects.
