There's a Package for That

NPM's single-use packages

Posted by  on July 25th 2022 02:02 pm

Getting ready for work this morning, I stumbled upon a post on the HN front page about C#[1], and as a lover of C#, I clicked into it, to be immediately greeted by a fellow C# enthusiast that primarily uses JavaScript. Well, I guess I'm a C# enthusiast who primarily uses C#, but who works with JavaScript in my non-paid work.

That is neither here nor there. I am sorry, but I love a tangent.

This article made mention of an NPM package that gets 180k downloads each week. I thought, that seems like a lot, this is probably a pretty useful package. IT IS NOT. Well, I guess it is, but it is silliness to the max. It is basically a type-safe (well, as type-safe as JS gets) method for checking if a number is even.

Down the rabbit hole

I wanted to see what all went into this package, so I clicked into the GitHub repo for it [2]. I was less than excited to see the bulk of the code is just return !isOdd(number);.

Yes, that is correct, it requires a second package that apparently has more logic for checking if a number is odd. So back to NPM to find the repository, which looks as though it was developed by the SAME PERSON. Further down the rabbit hole I go [3].

Door #3

I was not disappointed! There WAS in fact more logic. I was actually further "impressed" by the inclusion of another package for checking whether the number you were checking for oddness was actually a number. Which led me to wonder, what is behind door number 3??? I clicked back over to NPM to find the dependency and lo and behold, SAME AUTHOR AGAIN [4]! This time though, the library is HUGELY popular: 56M weekly downloads.

But Why!?

I really don't understand the popularity of adding a dependency that is just a wrapper around a basically built-in function. The is-number package is only 5 lines of code. It first checks typeof === 'number' and then makes sure the value can cancel itself out (number - number === 0). If that isn't true, it tries to convert the string to a number using the unary plus operator (+'2' === 2) and checks whether the result is finite, returning false if none of that is satisfied. On the whole, it isn't an unuseful block of code, but I do not get why you would go and depend on it when it's 5 lines of code you could own.

I'm not going to say that this is good/bad/ugly, and there are some genuine uses for a more "type-safe" check on a number, specifically numbers coming from user input, but I feel that more and more people are abstracting away 5 lines of code behind 4 packages. The way I would have implemented is-even would have been to naively check return number % 2 === 0, and if anything ever needed to be safer (i.e. parsed user input, or something slightly less trivial), I would have added if(Number.isInteger(number)) {...} around it.
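As an added example (not code from this post or from the packages themselves), here are the checks described above written as code you own, run against constructed inputs to show where the naive even check and the guarded one disagree. The function names are hypothetical, and the blank-string rejection in isNumber is an assumption added here because unary plus turns '' into 0.

```javascript
// Added example: owned replacements for the is-number / is-even chain.
// Function names are hypothetical; this is not the packages' source.

// Follows the check the post describes: real numbers must cancel out
// (NaN - NaN and Infinity - Infinity are NaN, not 0); strings are coerced
// with unary plus and the result must be finite.
function isNumber(value) {
  if (typeof value === 'number') {
    return value - value === 0;
  }
  // Assumption added here: reject blank strings, because +'' and +'  ' are 0.
  if (typeof value === 'string' && value.trim() !== '') {
    return Number.isFinite(+value);
  }
  return false;
}

// The naive check from the post. Implicit coercion makes it accept
// values that are not numbers at all ('' and null and [] all become 0).
function isEvenNaive(value) {
  return value % 2 === 0;
}

// The guarded check from the post: only real integers are considered.
function isEvenStrict(value) {
  return Number.isInteger(value) && value % 2 === 0;
}

// Constructed sample inputs, including shapes typical of unparsed user input.
const samples = [4, 3, '4', '', null, [], 2.5, NaN, Infinity, '0x10', '1e3'];

// Evaluate every check for every input so the differences are visible.
function report(inputs) {
  return inputs.map((v) => ({
    input: v,
    isNumber: isNumber(v),
    naive: isEvenNaive(v),
    strict: isEvenStrict(v),
  }));
}

console.table(report(samples));
```

Every row where naive is true and strict is false is an input the one-line check would silently accept, which is the case that matters when the value comes from user input.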

This isn't the only set of packages that does something like this, and I'm not against using NPM and dependencies. I LOVE dependencies. My MVC framework (SimpleMVC.js [5]), which I built to kind of mimic MVC, has only like 200 lines of my own code; the rest is built atop express and a handful of other dependencies that all have their own dependencies, and TBH, I'm fairly certain at some point one of those dependencies probably calls into the 'is-number' package.



Copyright © Jeremy A Boyd 2015-