With the heavy increase in package management systems like NuGet, Composer, npm and the like, software development has changed: we have become heavily dependent on third-party packages and libraries. Other developers freely provide their code and we pull it straight into our software. Great, that sounds like a benefit – it saves constant re-invention of the wheel and means we can focus on our actual goal.
Well, yes, it is… until it isn’t. This isn’t the first time, and it certainly won’t be the last time, but when one of those developers decides he/she has had enough and disappears off the internet, taking their packages with them, dependency trees suddenly break.
In this instance, we are talking about a library called tail.select, which suddenly and without a word vanished the other day. The developer has disappeared, deleting his entire GitHub account; his website no longer functions and there is no way to communicate with him. Unfortunately, this is nothing new – it happened previously with a well-known 11-line block of code, “left-pad”, which was removed from various repositories, and while most users didn’t know what it was, it was used in a lot of places. That instance was restored after a few hours because of how much chaos it caused, but something less widely used could simply be gone.
In this instance, we had a copy of the code and have restored it to an alternate GitHub repository ( https://github.com/fancensus/tail.select ), but what happens when a package you weren’t even aware you depended on disappears? Your code breaks, you have to work out why and where, and then re-invent or replace the broken sections. Is that really a good place to be?
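The question of which packages you rely on without knowing it can be answered from the lock file your package manager already writes. The following is an added example, not code from the original post or from the tail.select project: it walks a constructed npm lockfile (the lockfileVersion 1 layout, where transitive packages are nested under each entry's `dependencies`), inventories every package direct and transitive, and flags entries that carry no integrity hash, which is the minimum you need before mirroring or vendoring a package so that a vanished upstream does not break a build. The names `SAMPLE_LOCK`, `inventory`, `transitive`, `unpinned` and `report` are this example's own; the versions, URLs and hashes in the sample are placeholders, and only the package names tail.select and left-pad come from the post.

```python
import json

# Constructed sample lockfile (npm lockfileVersion 1 layout). Versions,
# URLs and hashes are placeholders, not real registry data.
SAMPLE_LOCK = json.loads("""
{
  "name": "example-app",
  "lockfileVersion": 1,
  "dependencies": {
    "tail.select": {
      "version": "1.2.3",
      "resolved": "https://registry.example/tail.select/-/tail.select-1.2.3.tgz",
      "integrity": "sha512-EXAMPLEHASHtailselect"
    },
    "some-ui-kit": {
      "version": "4.5.6",
      "resolved": "https://registry.example/some-ui-kit/-/some-ui-kit-4.5.6.tgz",
      "integrity": "sha512-EXAMPLEHASHuikit",
      "dependencies": {
        "left-pad": {
          "version": "0.0.1",
          "resolved": "https://registry.example/left-pad/-/left-pad-0.0.1.tgz"
        }
      }
    }
  }
}
""")


def _walk(deps, depth, parent):
    """Yield one record per package, recursing into nested dependencies."""
    for name, meta in deps.items():
        yield {
            "name": name,
            "version": meta.get("version"),
            "resolved": meta.get("resolved"),
            "integrity": meta.get("integrity"),
            "depth": depth,
            "parent": parent,
        }
        yield from _walk(meta.get("dependencies", {}), depth + 1, name)


def inventory(lock):
    """Flatten a lockfile into a list of package records, direct and transitive."""
    return list(_walk(lock.get("dependencies", {}), 1, None))


def transitive(records):
    """Packages pulled in by another package rather than listed by you."""
    return [r for r in records if r["depth"] > 1]


def unpinned(records):
    """Packages whose lockfile entry has no integrity hash, so a replaced or
    missing upstream tarball could not be detected from the lockfile alone."""
    return [r for r in records if not r["integrity"]]


def report(lock):
    """Human-readable summary: counts, transitive packages and their parents,
    and every package that should be pinned and mirrored before relying on it."""
    recs = inventory(lock)
    lines = [f"{len(recs)} packages, {len(transitive(recs))} transitive"]
    for r in transitive(recs):
        lines.append(f"  transitive: {r['name']}@{r['version']} via {r['parent']}")
    for r in unpinned(recs):
        lines.append(f"  no integrity hash: {r['name']}@{r['version']} ({r['resolved']})")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOCK))
```

For a real project, replace `SAMPLE_LOCK` with `json.load(open("package-lock.json"))`. The walker reads the nested `dependencies` tree, which lockfileVersion 1 and 2 both contain; lockfileVersion 3 keeps only the flat `packages` map keyed by install path, so it would need a different reader. The point of the `unpinned` check is that a package with a recorded integrity hash can at least be verified against a mirror or a vendored copy after the original registry entry is gone, whereas one without it cannot.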
Should it be that once a package hits a certain level of use, it can no longer be deleted?