Random UTF-8 characters


04 Aug 2016 in linuxnodejava

Dependency Hell

It seems like every few years we recreate a new version of dependency hell. Old school linux users and coders know this pain well. Why do we keep doing this to ourselves?

First some history; like a lot of developers in their 30's the first time I saw dependency hell was on a linux box. Dependency hell on linux normally manifests due to conflicting library versions. I'm sure there are a ton of Gentoo, RedHat or Debian users that can relate. Spending hours patching or finding the perfect combination of dependencies to appease the RPM or GCC gods. Luckily the community did everything it could to fix this: side-by-side installations of versions and smart package managers all but negated the problem.

It was quite a while before I found another instance of dependency hell. Most of my first programming jobs were on Java systems. For those of you who are not Java programmers we have our own version of dependency hell: Jar Hell. Jar Hell is caused when projects a metric shit ton of dependencies. Package management systems like Gradle and Maven have improved the situation, but every now and again you end up with two version of the same library on the classpath.

Now I'm living a new dependency hell: NPM/JavaScript. The community has grown so fast in such a short period of time. While the ecosystem is robust, app setup and dependency management is getting a bit crazy. Here is how it feels to setup a new app:

Reacts new create-react-app installs 700+ dependancies. 700!! It's not just react that's crazy like this, don't forget the left-pad fiasco. Dependency hell seems to be compounded by Javascripts fundamental lack of a decent set of core libraries. So far language updates to Javascript feel more like putting lipstick on a pig than improving the core of the language.

So the question is how do we fix it? Right now I honestly don't know. It's a pain point for tens of thousands of developers. As Javascript matures it will get better. More common libraries will be used, reducing the number of dependencies. Couple that to some much needed improvements in npm and a large pain might become more bearable.