rua
ansi-black
rua | ansi-black | |
---|---|---|
4 | 3 | |
420 | 1 | |
- | - | |
6.7 | 10.0 | |
4 months ago | almost 9 years ago | |
Rust | JavaScript | |
GNU General Public License v3.0 only | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
rua
-
Node.js packages don't deserve your trust
> While I find projects in those other languages to also have too many dependencies, it's no where near what happens in JS apps. I'm thinking of projects I've recently worked on in Rust, PHP, and Java.
My experience with these new languages is such that this feels a bit unfair. It's like insisting that a disaster with 1000 fatalities is "much worse" than one with "only". It's ... true ... I guess, but there's something uncomfortable about making the comparison. Something has gone badly wrong if the comparison even needs to happen in the first place.
What I'm getting at is that e.g. Rust has an enormous problem in this area. It's not uncommon for me to see Node projects with over a thousand transitive dependencies, but on the other hand, I very frequently see Rust projects with over a hundred. And the Node projects tend to be more complicated than the Rust ones; they do more.
Take the last Rust program I tried to use, tealdeer. [1] If you don't know, tldr is a project that provides alternative simplified man pages for commonly used programs that consist entirely of easy to understand examples for the program. [2] What a tldr client needs to do is simply to check a local cache for each lookup, and if necessary update the cache online. It's a trivial problem that can be, and has been! [3], solved in a few hundred lines of shell (if you're being extremely verbose). How many recursive dependencies would you guess tealdeer uses? Depends on how you count, of course, but as of today the answer is ~133 deduplicated dependencies! For a program that's a glorified wrapper around curl!
Or another Rust program I looked at recently, rua [4]. In Arch Linux, the AUR is a repository of user maintained scripts for building and installing software as native Arch packages. Official tools for the building and installing software already exist for Arch, but it is common for users to use a wrapper around these tools that makes fetching and updating the software from the AUR easier. It's a relatively simple task that (once again) can be done with shell scripts. rua is such a wrapper. As of today it uses 137 deduplicated dependencies!
These Rust programs are simple terminal tools to do tasks that are almost trivial in nature. And yet they require hundreds of constantly updating dependencies! The situation may well be better than what you'll find for Node, but it's undeniably disastrous compared to either simpler languages without a built in package manager (like C) or more complicated batteries-included languages where best practices continue to prevail (like Python).
[1] https://github.com/dbrgn/tealdeer
[2] https://tldr.sh/
[3] https://github.com/raylee/tldr-sh-client/blob/main/tldr
[4] https://github.com/vn971/rua
-
Paru vs Yay vs Other (please specify in comments)
I gotta dig into rua too, seems cool!
-
Is there an AUR helper that can automatically apply custom patches?
Rua can do local patches (https://wiki.archlinux.org/title/AUR_helper#Comparison_tables)
-
5 reasons why I love coding on Linux
https://github.com/vn971/rua#install-the-aur-way
ansi-black
-
50% new NPM packages are spam
> When I did a coding boot camp, one of our assignments was to push a package to RubyGems. It didn't matter if the package did anything; just make up a name and publish it. I'm pretty sure this kind of thing was a common practice with other boot camps, and applied to NPM as well. I always despised how this effectively trashes the repository and represents a complete waste of digital space, no matter how insignificant, as well as take up names that could go towards code that is actually useful. I wouldn't be surprised if a significant number of spam NPM packages were these boot camp assignments.
To me seeing these types of behaviors from an applicant would be a pretty big red flag. I'm just thinking of the disaster that was Hacktoberfest 2020 after a YouTuber popular among bootcampers and students in India taught his audience how to make a (spammy) PR in order to win a 5$ T-shirt. [0]
A pattern I've seen with bootcamps is that students will build a "portfolio" on GitHub and everyone from the same cohort will build the exact same project because most of the bootcamp is a "fill in the blanks" exercise from the same template. As in, there's a 95% match among the same cohort. This type of "GitHub gaming" was pushed to the extreme by someone who created one package for every ANSI escape code. All of his packages end up including one another and the author PR'd them into popular projects so using those give him downloads and boost his rank [1].
We pretty much stopped recruiting from bootcamps because the signal to noise ratio was just too low.
[0] https://joel.net/how-one-guy-ruined-hacktoberfest2020-drama
[1] https://github.com/jonschlinkert/ansi-black
-
Node.js packages don't deserve your trust
This is absolutely not true, and I'm tired of seeing this.
is-odd, alongside a bunch of other microdependencies are almost all the work of one person, who made as many micropackages as possible and then PRd them into other more popular libraries. There are not 6 million people directly downloading `is-odd` a day. At all.
When this person could make one library to do something (like an ANSI-Colouring package), they would fractalise it into as many dependencies as possible, because that boosts their download count on NPM. I should note that this is just one person who has managed to nestle their way into some larger projects. I apologise for the spam, but this point really needs hammering home:
https://github.com/jonschlinkert/ansi-black
https://github.com/jonschlinkert/ansi-reset
https://github.com/jonschlinkert/ansi-bold
https://github.com/jonschlinkert/ansi-dim
https://github.com/jonschlinkert/ansi-italic
https://github.com/jonschlinkert/ansi-underline
https://github.com/jonschlinkert/ansi-inverse
https://github.com/jonschlinkert/ansi-hidden
https://github.com/jonschlinkert/ansi-strikethrough
https://github.com/jonschlinkert/ansi-black
https://github.com/jonschlinkert/ansi-red
https://github.com/jonschlinkert/ansi-green
https://github.com/jonschlinkert/ansi-yellow
https://github.com/jonschlinkert/ansi-blue
https://github.com/jonschlinkert/ansi-magenta
https://github.com/jonschlinkert/ansi-cyan
https://github.com/jonschlinkert/ansi-white
https://github.com/jonschlinkert/ansi-gray
https://github.com/jonschlinkert/ansi-grey
https://github.com/jonschlinkert/ansi-bgblack
https://github.com/jonschlinkert/ansi-bgred
https://github.com/jonschlinkert/ansi-bggreen
https://github.com/jonschlinkert/ansi-bgyellow
https://github.com/jonschlinkert/ansi-bgblue
https://github.com/jonschlinkert/ansi-bgmagenta
https://github.com/jonschlinkert/ansi-bgcyan
https://github.com/jonschlinkert/ansi-bgwhite
-
A notable JavaScript developer shamelessly copied one of my most downloaded nod
https://github.com/jonschlinkert/error-symbol
My personal favourite is making every single ansi colour into a separate package, and then making `ansi-colors` which depends on all of them, and all of these packages are just a single function call with a provided number. It's honestly insane.
https://github.com/jonschlinkert/ansi-black
What are some alternatives?
yay - Yet another Yogurt - An AUR Helper written in Go
ansi-green - The color green, in ansi.
paru - Feature packed AUR helper
ansi-underline - The color underline, in ansi.
dotter - A dotfile manager and templater written in rust 🦀
ansi-bold - The color bold, in ansi.
alma - Create Arch Linux based bootable USB drives
nanocolors - Use picocolors instead. It is 3 times smaller and 50% faster.
customizepkg - A tool for Arch Linux package manager pacman to modify PKGBUILD automatically
ansi-bgcyan - The color bgcyan, in ansi.
arch-audit - A utility like pkg-audit for Arch Linux. Based on Arch Security Team data.
ansi-inverse - The color inverse, in ansi.