[Python Dependency Pitfalls] How to set the world on fire

Hey there,

#1 on my list of dependency management pitfalls is there for a good reason:

It lead to a single developer causing mayhem and breaking thousands of open-source projects around the world in one fell swoop.

Here's how it all went down:

A few years back, Azer Koçulu wrote a tiny library he published on Npm, the package repository for NodeJS. (The Python equivalents would be PyPI + pip.)

That "library" contained only 11 lines of code in total, but it was downloaded MILLIONS of times every month of as a dependency in other JavaScript projects.

What Azer's magical "micro library" did, you ask?

It added a tiny piece of functionality that was frequently needed but wasn't a part of the NodeJS standard library:

The ability to pad out the lefthand-side of strings with zeroes or spaces. For example, to format numbers for display.

In Python you'd probably do something like this:

>>> n = '4'
>>> n.zfill(3)
'004'

Anyway, this tiny "left-pad" library was used across many projects, including important applications like Node itself.

One fine day, Azer decided to close his NodeJS package repository account…

Which removed all of the packages associated with it.

And suddenly, "left-pad" was no longer available for download…

Can you guess what happened to the dependency install setup steps on projects using "left-pad?"

Well, they came to a SCREECHING HALT:

App deployments became stuck dead in their tracks. Automated tests stopped working.

And thousands of developers couldn't even RUN their apps locally…

All because "left-pad" had disappeared—and some important build tools required it to work.

It was quite crazy. Even some newspapers reported about the "left-pad incident."

You can imagine that there was a lot of "bruhaha" about the NodeJS packaging system—

But to tell you the truth the *exact same thing* could happen at any time with Python's packaging repository, PyPI.

It's easy to think that pulling in functionality from 3rd party dependencies is always a net benefit.

But every time you're adding an external dependency to your own project you're walking a fine line…

BAD external dependencies can make your stomach churn as a developer or project maintainer.

The people who got burned by the NodeJS "left-pad" incident know what I'm talking about...

On the other hand, a great quality third-party package can save you hours or even days of work.

The challenge is deciding whether a dependency adds value or is just a liability:

>> See step-by-step how to research and make Python dependency decisions (and how to explain them to your team/manager)

— Dan Bader

P.S. There's an important skill that Python dev managers look for in a candidate, but they rarely find it. More on that tomorrow.

Older messages

[PythonistaCafe] Why PythonistaCafe exists

Wednesday, May 4, 2022

Hey there, In one of my last emails I talked about how some online communities in the tech space devolve over time and turn into cesspools of negativity. This relates directly to how and why I started

[Sublime + Python Setup] How to become a happier & more productive Python dev

Tuesday, May 3, 2022

Hey there, I really struggled with setting up an effective development environment as a new Python developer. It was difficult to build the right habits and to find a set of tools I enjoyed to use.

[Python Dependency Pitfalls] A total mess?

Tuesday, May 3, 2022

Hey there, Recently I watched a Pythonista ask for advice on setting up a Python project on his work machine. This new developer had some prior experience with NodeJS and had just started to get his

[PythonistaCafe] What makes PythonistaCafe different

Tuesday, May 3, 2022

Hey there, Mastering Python is *not* just about getting the books and courses to study—to be successful you also need a way to stay motivated and to grow your abilities in the long run. Many

[PythonistaCafe] Q&A

Thursday, April 28, 2022

Hey there, At this point you should have a pretty good idea of what PythonistaCafe is about and what makes it special. In this email I want to answer some common questions that I get asked about the

3D Printing in Higher Education & Research

Thursday, May 19, 2022

Adopt 3D printing in a way that delivers value for your institution View this email in your browser engineering.com Guide - 3D Printing in Higher Education and Research 3D Printing in Higher Education

💭 An Introduction to Content Federation | XS’ Issue #20

Thursday, May 19, 2022

💭 An Introduction to Content Federation | XS' Issue #20 By Esat from Experience Stack • Issue #20 • View online An Introduction to Content Federation When most people think of content management,

wpMail.me issue#563

Thursday, May 19, 2022

wpMail.me wpMail.me issue#563 - The weekly WordPress newsletter. No spam, no nonsense. - May 19, 2022 Is this email not displaying correctly? View it in your browser. News & Articles Does Market

You're invited to our next event - Mobile Development special edition 📱

Thursday, May 19, 2022

In case you've missed it Only 5 days left to join our TED-like online event! This time we will talk about Mobile Development 📱️ Accept Invitation Grab your free ticket Speakers Lineup 🎤 Our events

Google Took My Money and Canceled My Nest Service

Thursday, May 19, 2022

Read in Browser Logo for Review Geek May 19, 2022 I've been a subscriber to Nest Aware for years. I've long touted the Nest Video doorbell as the best premium smart doorbell you can buy. But

New York City's Airbnb listings may outnumber rentable apartments

Thursday, May 19, 2022

The Morning After Now available on your smart speaker and wherever you get your podcasts Apple Podcasts | Spotify | Google Play | iHeart Radio It's Thursday, May 19, 2022. Airbnb makes news for a

🟧 Edge#192: Inside Predibase, the Enterprise Declarative ML Platform

Thursday, May 19, 2022

Our goal is to keep you up to date with new developments in AI and introduce to you the platforms that deal with the ML challenges ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌

PHPWeekly May 19th 2022

Thursday, May 19, 2022

Curated news all about PHP. Here's the latest edition Is this email not displaying correctly? View it in your browser. PHP Weekly 19th May 2022 Hi everyone, It's another week of the latest news

Your weekly Notion templates #54

Thursday, May 19, 2022

3 new templates to grow your business 🔥 ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌

Post from Syncfusion Blogs on 05/19/2022

Thursday, May 19, 2022

BLOGS FOR YOU TODAY! Introducing Slot Template Support for Syncfusion Vue Components Read Blog Recommended Blogs 15 Must-Have Visual Studio Extensions for Developers Let's See What It Takes to