A developer using the account name PatrickJS recently experimented with creating a package called “everything”. In this experiment, he pulled in all the packages available on NPM and made them dependencies of this new package. As a result, developers across NPM were unable to delete or hide any packages.
PatrickJS’s approach involved creating five sub-packages, each declaring approximately 800 other packages available on NPM as dependencies. These sub-packages were then combined into the main package called “everything”. So, if any user were to execute the command “npm install everything”, they would immediately download all the packages from NPM, potentially amounting to millions of downloads.
However, this approach had unintended consequences. Some developers were unable to hide their own packages because NPM recognized that other packages depended on them. NPM implemented this restriction to prevent an incident similar to the removal of the popular “left-pad” package, which caused many software issues for numerous users.
In the end, the “everything” package was downloaded approximately 235 times.
TLDR: The developer PatrickJS created a package called “everything” that included all packages from NPM as dependencies. This prevented developers from deleting or hiding packages, including some who were unable to hide their own packages. The “everything” package was downloaded around 235 times. (Source: Bleeping Computer)