Honestly I don't hate the language itself that much (I'm just learning it though so who knows) but developing with it fucking sucks. First npm installs a thousand dependencies, then you have to use it to install an entirely different package manager (yarn) and hope it works.
If you're using npm, you install a package or two that you're working with and get 10+ vulnerabilities. It tells you to run "npm audit fix" so you do it, but it just lists the vulnerabilities again and tells you to run "npm audit fix", so apparently you're just stuck with those.
Then you try running your react app and it crashes with an error about failing to stat a random file in your home directory. It turns out that you mistyped an import, and instead of giving an error about that it recursively backs up and checks every single file to see if it's the one it's looking for. Cool.
JavaScript is so bad that Typescript had to be created to prevent devs from shooting their feet because of its wonky evaluation.
NPM isn't the problem. The problem is that the modern web forces you to use all the poorly written packages on NPM
jQuery is every bit as much of a dumpster fire as modern frameworks.
I write lots of single-page apps only to avoid having to host a server for everything I make, but I hate them so much
SPAs show how badly the web was bastardized. Instead of downloading a styled document and interacting with a server via forms, you now download & run a congealed mess of markup text, styles, and code that:
We need some way to have interactive elements & responsive UI, but shoehorning every use case into the document-styles-form pattern via JS has broken the web.
I wish WebComponents became a standard decades earlier & browsers relegated JS to only operating within them...or built a separate model for interactivity that forms couldn't handle.
deleted by creator
jQuery is the hot glue of JS development. Useful and you want to use it, but you know it's a bad idea for anything but hack jobs.
deleted by creator
Don't talk shit about my beloved jquery
What they should have done was never have HTML+CSS via HTTP in the first place. Just make everything a full page Java applet boom done. Every 'interchange' format eventually turns into a virtual machine (as the web did instantly) so why not just start off by making the whole thing a remote code execution sandbox? Just give the programmer WebGL via WebAssembly and nothing else. Instead the web is based on a bunch of text file formats 🤣 TEXT FILE FORMATS!!!! EVEN HTTP WAS BASED ON PLAINTEXT!!! NEVER DO TEXT KIDS. Clown world.
But instead, WebAssembly is being pushed by Google et. al. as just another add-on that increases the barrier to browser implementation and increases its complexity. Like just make the browser a VM bro lol its not hard 😂.
Like literally just download a WASM blob via TLS socket and execute it. That's it. Web solved. But now they're trying to add exceptions and garbage collection to WebAssembly. NO NO NO NO NOOOOOOOOOOOOOO!!!
deleted by creator
Yeah but that's just because it wasn't really designed for sandboxed execution initially. If they actually standardized something (like they have now with WebAssembly) it would obviously be designed for security.
lmfao give me plain text markup over "voluntary" RCE any day of the fucking week
That's will never happen though. It isn't flexible enough so there will always be some kind of VM added to stuff like that. People want to be able to create programs that can be run easier than downloading and installing one to a computer (which has no sandboxing whatsoever). Better to just start off with something simple than tack it on. It's still possible to have plenty of functionality without being able to do very good fingerprinting.
Lol you joke, but I'd vastly prefer either browsers being a VM over TCP or pure document formats. This hybrid shit brings the worst of both...little control over execution, piss-poor sandboxing, but built from a stapled together pile of obfuscated document formats.
I have very mixed feelings about WASM. It may kill any modicum of user control we have left, but it will also make it easier to dev in whatever language I want and target the web.
At this point, we should just scrap the web and start over.
Yeah good point about user control. Although it isn't like most fancy webpages these days can be controlled or understood easily anyways. Better off just doing better sandboxing than trying to do any kind of introspection on documents and stuff, if that's the goal. And you can read website source code for lots of open source projects (hexbear.net lol), so it's not like you get much from being able to look at the stuff transmitted to your browser. I'm sure there will be tools eventually to see what WASM "syscalls" are being made if there aren't already ways, and you could probably create hooks for them too, in order to control what websites can do, without writing a new browser.
One issue with creating and using alternative formats is security, since most of the security stuff requires a budget and is only done for stuff that's actually used. But if you could build something out of existing libraries, like TLS sockets from library A and a WASM VM from library B, there probably wouldn't be much room to create security problems that don't exist already. And some small orgs could use a different protocol (there's already some stuff like this obviously).