Honestly I don't hate the language itself that much (I'm just learning it though so who knows) but developing with it fucking sucks. First npm installs a thousand dependencies, then you have to use it to install an entirely different package manager (yarn) and hope it works.
If you're using npm, you install a package or two that you're working with and get 10+ vulnerabilities. It tells you to run "npm audit fix" so you do it, but it just lists the vulnerabilities again and tells you to run "npm audit fix", so apparently you're just stuck with those.
Then you try running your react app and it crashes with an error about failing to stat a random file in your home directory. It turns out that you mistyped an import, and instead of giving an error about that it recursively backs up and checks every single file to see if it's the one it's looking for. Cool.
As a dev who has done a ton of work with JS, JavaScript fucking sucks!
For anything running in the browser, opt for Typescript whenever possible...but even that is gilding the JS turd. So many stupid design decisions plague JS...which TS, being built upon the same pile of dogshit, cannot fix.
The whole web ecosystem is fucked, especially the JS stack. Using Node these days practically requires tooling like Webpack, Babel, & React...which adds so much overhead to getting something simple off the ground.
I wish web browsers offered first-class support for better languages. WebAssembly looks like it might help, but it's still not mature.
I only use JS/TS anymore because:
- No need to host a server for single page apps. Just use GitHub Pages to serve your minified JS, and you're guaranteed decent latency no matter where the client is located. Easy & free.
- Everyone has a web browser, so you can run code anywhere without dependency hell or compiling to a bunch of architectures.
- Convenience of JSX/TSX syntax.
I'd like to see analogous JSX-like syntaxes built for other languages, especially Rust & Python. I'd never touch the JS/TS/Node ecosystem ever again if Rust had a JSX-like syntax and I could compile PWAs to WebAssembly and easily serve it.
Despite all my complaints, I am very glad NPM nags you about vulnerabilities. I'd like to see that information when installing deps from PyPi, Crates.io, etc. because I'm sure they're also littered with tons of active vulns, but get less attention because it's not displayed by default.
All package managers should make that info as visible as NPM...both for language-specific & OS package managers. I know you can do this with pacman hooks, but it would be huge to make it default, esp for apt.
Js itself is kinda ok. Typescript makes it bearable. But npm is a fucking dumpster fire of absolute garbage.
JavaScript is so bad that Typescript had to be created to prevent devs from shooting their feet because of its wonky evaluation.
NPM isn't the problem. The problem is that the modern web forces you to use all the poorly written packages on NPM
Fuck react. Fuck angular fuck em all id rather use jquery
jQuery is every bit as much of a dumpster fire as modern frameworks.
but nooooooo my work decided we have to make EVERYTHING a single page app even if it adds weeks to the dev time for a simple site.
I write lots of single-page apps only to avoid having to host a server for everything I make, but I hate them so much
SPAs show how badly the web was bastardized. Instead of downloading a styled document and interacting with a server via forms, you now download & run a congealed mess of markup text, styles, and code that:
- Eats way too many CPU cycles for simple tasks
- Records your every mouse movement & keystroke
- Sends a fuckton of requests to their servers.
We need some way to have interactive elements & responsive UI, but shoehorning every use case into the document-styles-form pattern via JS has broken the web.
I wish WebComponents became a standard decades earlier & browsers relegated JS to only operating within them...or built a separate model for interactivity that forms couldn't handle.
jQuery is the hot glue of JS development. Useful and you want to use it, but you know it's a bad idea for anything but hack jobs.
What they should have done was never have HTML+CSS via HTTP in the first place. Just make everything a full page Java applet boom done. Every 'interchange' format eventually turns into a virtual machine (as the web did instantly) so why not just start off by making the whole thing a remote code execution sandbox? Just give the programmer WebGL via WebAssembly and nothing else. Instead the web is based on a bunch of text file formats 🤣 TEXT FILE FORMATS!!!! EVEN HTTP WAS BASED ON PLAINTEXT!!! NEVER DO TEXT KIDS. Clown world.
But instead, WebAssembly is being pushed by Google et. al. as just another add-on that increases the barrier to browser implementation and increases its complexity. Like just make the browser a VM bro lol its not hard 😂.
Like literally just download a WASM blob via TLS socket and execute it. That's it. Web solved. But now they're trying to add exceptions and garbage collection to WebAssembly. NO NO NO NO NOOOOOOOOOOOOOO!!!
Yeah but that's just because it wasn't really designed for sandboxed execution initially. If they actually standardized something (like they have now with WebAssembly) it would obviously be designed for security.
lmfao give me plain text markup over "voluntary" RCE any day of the fucking week
That's will never happen though. It isn't flexible enough so there will always be some kind of VM added to stuff like that. People want to be able to create programs that can be run easier than downloading and installing one to a computer (which has no sandboxing whatsoever). Better to just start off with something simple than tack it on. It's still possible to have plenty of functionality without being able to do very good fingerprinting.
Lol you joke, but I'd vastly prefer either browsers being a VM over TCP or pure document formats. This hybrid shit brings the worst of both...little control over execution, piss-poor sandboxing, but built from a stapled together pile of obfuscated document formats.
I have very mixed feelings about WASM. It may kill any modicum of user control we have left, but it will also make it easier to dev in whatever language I want and target the web.
At this point, we should just scrap the web and start over.
Yeah good point about user control. Although it isn't like most fancy webpages these days can be controlled or understood easily anyways. Better off just doing better sandboxing than trying to do any kind of introspection on documents and stuff, if that's the goal. And you can read website source code for lots of open source projects (hexbear.net lol), so it's not like you get much from being able to look at the stuff transmitted to your browser. I'm sure there will be tools eventually to see what WASM "syscalls" are being made if there aren't already ways, and you could probably create hooks for them too, in order to control what websites can do, without writing a new browser.
One issue with creating and using alternative formats is security, since most of the security stuff requires a budget and is only done for stuff that's actually used. But if you could build something out of existing libraries, like TLS sockets from library A and a WASM VM from library B, there probably wouldn't be much room to create security problems that don't exist already. And some small orgs could use a different protocol (there's already some stuff like this obviously).
Vue > React > Svelte > jQuery > That Donnie Darko Sequel > Vaush > Angular
I haven't tried the Vue 3 api yet, though i can say it looks so much better than react hooks, which was god awful. I loved Vue2 api though, much better than jquery.
Can I ask why you think Angular >>>> React? I work in a react environment and I cant tell if I hate it because of React, or because its the worst designed system Ive ever seen?
Javascript has mostly cleaned up its act over the last ten years. Still some jank, but if you use classes, let, and arrow expressions, all the real language jank mostly goes away. There are worse languages.
The Javascript ecosystem is an ever-deepening pit of despair. Everything is dependency hell on twenty different bespoke configuration languages, build systems, packaging systems, state management systems, getting someone else to wipe your ass systems. And now half of them are React, which is overengineered, poorly engineered, and not fit to any particular project's needs.
I want to say that npm is a kind of okay package manager, but everything it pulls in to your project is going to be part of the Javascript ecosystem, and that's not really an okay thing for a package manager to do.
but if you use classes, let, and arrow expressions, all the real language jank mostly goes away
While those fix many old JS deficiencies, the core problem with JS as a language relates to evaluation moreso than syntax & features. Tons of unexpected jank comes from JS interpretting certain expressions in unintuitive ways that break expectations of any dev unfamiliar with specific JS quirks.
twenty different bespoke configuration languages, build systems, packaging systems, state management systems,
Agreed 100%. While not entirely JS's fault (shared w/ browsers, the DOM), it makes JS dev much more difficult. You now need deps for a million things, all configured differently. Entirely plausible a project forces you to write configs in JS, JSON, TOML, & YAML.
And now half of them are React, which is overengineered, poorly engineered, and not fit to any particular project’s needs.
I quite like JSX's syntax, but React's lifecycle management has enough quirks that your code often behaves in unintuitive and hard to predict ways. So much of time is wasted on "fuck, why is/isn't this rerendering" that could be spent writing core logic.
State & lifecycle management is a mess, hence the multitude of deps for it. The advent of hooks helps somewhat, but they're incompatible with class components, so most code cannot benefit without refactoring...a bandaid leaving the core problems in place, but now forcing you to manage multiple vastly different design in your code.
Styling is absolutely fucked, with another set of deps for that too. All you want is dynamic styling & responsive UI but you have to choose between writing a fuckton of CSS classes or using CSS-in-JS...which always seems to add weird edge cases that recompute loads of shit if you use values from the browser or DOM. Anything outside CRUD apps with standard UI becomes exponentially harder than necessary.
Tons of unexpected jank comes from JS interpretting certain expressions in unintuitive ways that break expectations of any dev unfamiliar with specific JS quirks.
I agree with this, but the most egregious parts of that go away if you use the more modern syntax. Like there's nothing inherently better about "let" instead of "var" syntactically; they're the same thing. But var is evaluated in a way that, if you use it to call an inlined function in a loop, will make your hair fall out. Same with arrow notation - it's cuter syntax than function(), but it also doesn't bind "this" in JS's wacky way, and that's the real advantage. Class also makes "this" behave like a normal person would expect.
Styling is absolutely fucked
Styling is so incredibly fucked.
I use raw CSS though, because as shit as it is, all the weird js ecosystem deps you can pull in just add more things that can break, without actually addressing any of CSS's core problems. Especially now that there are CSS vars.
Luckily I didn't start writing JS until about the time ES6 came about, so I pretty much used those syntax features from the start. But I didn't originally know the
this
binding quirks and just thought it was syntactic sugar, so I had a rough time wondering why my code wasn't evaluating how I expected.Raw CSS is looking more appealing now that CSS vars are standard. CSS-in-JS has caused me so much pain back when I was a noob. I dread frontend because of the rerendering bugs that would happen because I read DOM data to generate the CSS which then altered the DOM data.
It’s shit. It’s utter shit. Fuck the Netscape executives who decided that embedding Scheme was a bad idea, leading to Brendan Eich duct taping together the first version of JavaScript in 10 days.
I had the pleasure of using Phoenix LiveView professionally last year, despite being rough around the edges it was sooooo nice to not have to think about JavaScript when doing frontend development.
I like python where you don't have a package.json so you have to run
pip3 install aaaa; pip3 install bbbb; pip3 install cccc; pip3 install dddd
but you don't run those all at once, you run them when the program crashes saying you need them.
also when the program crashes anyways, you have to lookup each error and go back and do
pip3 install aaaa@0.28
because it installed by default a newer version that was too new for the program.then you can't even
pip3 install dddd@2
because it was only published for python3.5 and you're on python3.9.Most "python fans" claim you can use one of 14 standards but remember that's a lie and 99% of codebases you'll find in the wild didn't bother.
I've only seen projects either use requirements.txt or Pipfile, both of which work perfectly fine.
Javascript is a fucking nightmare to work with. I pretty much won't touch it unless I absolutely have to. The conventions are inscrutable, the frameworks are a bloated mess, and the ecosystem is garbage.
Even the "good" package managers designed to make NPM less of a nightmare are extremely stressful — why did yarn install four different versions of babel? Who knows! Welcome to dependency hell!
Don't forget you have to globally install an old version of yarn to use it to locally install the current version of yarn in each project.
I had forgotten but yep you're right, I do absolutely hate that :agony:
My old professor use to tell me that the Internet was just a fad
https://homafiles.info/2011/09/15/the-internet-is-just-a-fad-newsweek-feb-26-1995/
The truth in no online database will replace your daily newspaper, no CD-ROM can take the place of a competent teacher and no computer network will change the way government works.
How about electronic publishing? Try reading a book on a computer. At best, it’s an unpleasant chore: the myopic glow of a clunky computer replaces the friendly pages of a book. And you can’t tote that laptop to the beach.
I mean, they didn't miss, except for the newspaper part. Not like our government has used the internet to make anyone's lives better.
I think I'm slowly switching from laughing at people who thought that to wishing they were right. Well, the web moreso than the internet, but still.
Javascript, as a language, has a couple of problems, but I like working with it better than php or python, and it performs miles better than them too.
What I hate is what you're really ranting about too, which is the proliferation of shit built on top of shit that is the npm eco-system, and the over-complicated mess that is front-end frameworks. The only weapon you really have there is keeping things as simple as possible through the choices you make.
For me, on the npm side this boils down to minimizing the number of modules I want to depend on, and if something is simple enough to implement in like one or two functions, I'll roll my own rather than require('capitalize-first-letter-of-word'). On the frontend side, I started out with the previous release of Vue, but only really using its template engine. I since rolled my own drop-in replacement that uses the same tricks and templates, but tries hard not to be a Framework. I also refuse to use anything that has a complicated build process before I can test changes.
I like Typescript. Fixes the most painful part of JS as a language imo.
I'm kinda confused about why yarn is still in use. I dropped it the moment npm started making its own lockfile. And npm as a tool is a bit annoying but don't knock it until you try package management / packaging with Python, R, C, Java...
Java package management doesn't feel too bad using gradle with Maven projects? It could be better, and there's dependency version issues and stuff, but I assume that's always the case?
C package managers are also known as Linux distributions.
Building libraries from source is usually not too difficult in C on Linux. And you can just use the -I switch to add headers to the #include <> directive. I don't think you're supposed to just install "-devel" packages. In terms of Windows... Microsoft definitely doesn't want people to write software for Windows.
Which makes getting into C hard as fuck. Or even just running something someone else made in C.
C doesn't come with a package manager but there are hundreds of C package managers, often specific to a single target device.
Maven has to solve the same problem as npm when it comes to resolving subdependencies (all package managers do). mom resolves the problem by creating deeply nested node_modules trees, allowing packages to have isolated deps. Maven installs one version and might give you a warning and things might break and it's not clear why.
I'm an ops engineer so I spend a lot of time fighting with package managers for languages I dont necessarily work with day-to-day
Ruby's is the gold standard. I love bundler. I'll bitch about some of the weird edge cases from time to time but that's mostly just around behavior changes in version upgrades and it's fine. I wish every package management ecosystem was like Bundler.
NPM stresses me out, specifically with Yarn. Why are there six copies of my dependency installed, all with different versions? Who decided this was better than having standards around better version constrains for sub-dependencies?
Python is absolutely terrible. If you need one package as a one-off then fine, pip works ok. But its lock file system fucking sucks. Why do I need a virtual env all the sudden, just let me specify the path where my packages are. The current attempt to improve it, poety, is a step in the right direction. But the underlying ecosystem is so fucked that any time you want to upgrade or install a single package it takes like five minutes to run.
It's been awhile but last time I worked with Go it was pretty painful too.
Maven is ok. Opening an XML file makes me feel like I just time travelled and like anything in the Java ecosystem, the CLI is inscrutable, but it's not that bad.
I've heard good things about rust/cargo but I haven't done more than installing a package or two as a one-off so I can't speak to it more than that.
Cargo is the very best imo. Painless experience, batteries included for everything.
poetry is the best thing to happen to Python since list comprehensions.
imo npm assumes that its package developers don't know what they're doing and they'd usually be correct in this.
My experience with bundler has been mixed because I have ran into pulled package version issues crazy often. Maybe I'm just unlucky. Not really bundler's fault unless this is a systemic issue among Ruby packages.
Go's Dev team is insufferable and this is why they simply didn't have a package manager, not really. And now that they're starting to build the features of one, it's all about how dependencies breaking is good because it puts pressure on upstream to fix them.
Maven works when it works and does nothing for you when something breaks. It's up to you, Java dev, to go resolve incompatible dependencies manually.
Cargo has been the best in my experience too...about as painless as deps can be imo.
If what you say about poetry is true, I'll definitely have to look into it asap.
Never used bundler or Ruby, and I've never been sure about what the appeal of Ruby is, so if dependency management is more painless than most languages, I'd understand immediately.
I've never had a more frustrating dependency experience than with maven. Using XML and being tied to Java are more than enough to guarantee I never touch it again unless absolutely necessary.
My experience with bundler has been mixed because I have ran into pulled package version issues crazy often. Maybe I’m just unlucky. Not really bundler’s fault unless this is a systemic issue among Ruby packages.
Huh, Ruby's my day-to-day and I haven't run into that much in years. Maybe just bad luck for you then, or things have improved substantially with the ecosystem recently
And yeah poetry has been head and shoulders above any other python package management, especially since it's for venv-management rolled in. There's a couple crucial missing features still, especially around authenticating to private registries, but I think that's a pip problem at its core — mostly it suffers from having to use pip under the hood.
Lmao about the Go devs, you're absolutely right on the money with that one
Yeah, I've been using it for six or seven years at this point and even for all the stuff i like to grumble about it's far and away my favorite language I've worked with — the syntax definitely aligns most closely with how I think about code, nothing else really stuck the way that it has for me.
I haven't had too hard a time finding places that use it, rails is still pretty well-used and getting better with every release, and there's plenty of places that use chef on the ops side of things too. Still every time I see a listing for jobs I'd otherwise like but that use python/django it hurts my soul a little since python is imo pretty similar to Ruby except everything is a little bit worse lol
Lol that's exactly how I felt. Python is fine and I can pick it up quickly when I need to, but I spend the whole time wishing I was writing Ruby
Love how we made WebAssembly so we could compile other languages into a standardized assembly code for browsers... then still required JavaScript to actually get that code running on the client.
Yeah its awful but we love it. You learn to love its many, many faults. I dont know how it took over like this.
> Deno's package registry has
is_number
andis_numeric
modules.I don't think it's fixing the problems.
it does the typescript tho, I also don't personally believe "too many tiny packages" are even a real problem.
Too many tiny packages isn't a problem, it's a a symptom. left-pad should never have existed, and this is just the same thing for a different bit of functionality.
It's not inherently a problem, but many tiny packages suggests many different repo owners, leading to more vectors for nefarious actors to bone you upstream.
rust, increased consistency with browser APIs, first class typescript support.
I'm convinced.
Is the move from node to Deno painful? My only fear is having to replace deps that don't exist in Deno and having to spend a bunch of time duplicating existing functionality manually.
If you're a c# dev like me, check out Blazor. It fucking rules so much. Write entire website in c# and skip all the node shit.
I'd love to, but unless there's a C# equivalent to boardgame.io it's not an option.
edit: plus I'm mostly in Linux these days and C# without Visual Studio is :not-good: