About NPM deprecation warnings

It baffles me how many deprecation warnings appear when installing some NPM package. Like if I was the only one in the world seeing them, and worrying about them.

% npm i -g truffle

Some people say: “if it’s important (e.g. a security problem), notify the package maintainers; if not, ignore the deprecation warning.

NPM deprecation warnings are displayed without any classification with respect to the dependency where they originate.

  • If the code of the deprecated package was not used at all (fake dependency), then we could safely ignore the deprecation warning.
  • If the code of the deprecated package was only used in development (dev dependency), then we could almost safely ignore the deprecation warning.
  • If the code of the deprecated package was also used in production, then we couldn’t ignore the deprecation warning without a detailed analysis.

Sample analysis

Let’s look at the first warning above:

testrpc@0.0.1: testrpc has been renamed to ganache-cli, please use this package from now on.

The deprecation message is not alarming. What should I do? Let’s research a bit more.

Here is the path from testrpc back to truffle:

% npm –global –all ls testrpc@0.0.1

/Users/andrea/.nvm/versions/node/v16.13.0/lib
└─┬ truffle@5.4.18
  └─┬ @truffle/db@0.5.36
    └─┬ @truffle/resolver@7.0.34
      └─┬ @truffle/contract@4.3.39
        └─┬ @ensdomains/ensjs@2.0.1
          └─┬ @ensdomains/ens@0.4.3
            └── testrpc@0.0.1

And here is the package.json in truffle:

package.json

Looking into package.json, we see that @truffle/db is an optional dependency, i.e. a production dependency which could also be not automatically installed when installing truffle.

Looking into @truffle/db, we see that it allows to configure truffle for using it:

db: {
  enabled: true
}

Given that I went for the default installation (and I don’t have a replacement ready), this is a production dependency for me. What should I do? Let’s research a bit more.

Googling @ensdomains/ens we get to the project page on GitHub:

https://github.com/ensdomains/ens

So this project is pretty popular, used by 7.7k other projects. And yet it uses a deprecated package. It’s still unclear what should I do.

This project was included (in its parent, @ensdomains/ensjs) at version 0.4.3. Such a version is nowhere to be found in the repo: not a release, not a tag, not a branch.

Let’s assume it’s a close ancestor of the current code in the master branch, which is marked as 0.5.0 in package.json.

This is what we get after searching for testrpc in the repo:

We see that this is a code dependency whose code is never used but the package name is cited in a README file. That’s it. it’s a fake dependency.

Now, I needed (wasted) a solid hour to find that out. That’s unreasonable.

Could a tool automate all of the above? Not really, because I had to assume that the code of the lost version 0.4.3, in all places where testrpc would be used, is equivalent to the code of the master version (maybe 0.5.0).

Posterity

There is something else that troubles me. If I wanted to persist the result of my research there is little support in the Open Source world as a whole. (I could be wrong. Please, correct me if you know better.)

A possible, but cumbersome, and incomplete solution could be one based on the following tools:

  1. selective dependency resolutions, implemented in NPM by npm-force-resolutions
  2. a fork of @ensdomains/ens (the troublesome package), where I could fix its deprecated dependencies, like aercolino/ensdomains-ens#fix-deprecations
  3. force a resolution, like
{
  "@ensdomains/ens@0.4.3": "aercolino/ensdomains-ens#fix-deprecations"
}

However, that is totally hypothetical, because:

  • the package whose installation complained about testrpc@0.0.1 is global, which means that I do not have any package.json file where I can add my resolutions
  • npm-force-resolutions is poorly documented
  • the Selective dependency resolutions feature of Yarn, upon which npm-force-resolutions is based, doesn’t seem to support versions on the left, nor full repos on the right.

In the end, my research is going to get lost (in my biological memory) and my confidence in NPM lowers.

Looking for the perfect match

Lately, I passed through many selection processes, and I still will go through some more. Did I meet a company where I really wanted to work at? Surely, for many I could have made a positive impact working there. But none was a perfect match. 1I’m not talking about cultural fit here

Why do we look for the perfect match? We should already know that such a thing doesn’t even exist. Lasting couples aren’t a perfect match. How can colleagues be a perfect match to each other? For n colleagues, that would require n * (n - 1) / 2 perfect matches. Insane.

I don’t look for the perfect match with my colleagues, but I must confess that I’m often relieved to get rejected by colleagues which present to me in the testudo formation.

Almost impossible to be admitted here, by design.

How do you expect to find a new team mate if, as soon as a discussion arises, you close ranks and state you know better. Nonetheless, they keep looking for the perfect match, which boils down to a developer with the biggest experience to write quality code without spoon-feeding her, and the smallest experience to follow orders with humbleness.

That, or likemindedness. Isn’t it a known problem to hire like minded people?

Such practices can 2I stroke this through also lead to groupthink where all go along with decisions for the sake of team harmony. Creativity, innovation and growth can 3I stroke this through suffer in the absence of diversity, vigorous debate and conflict.

I never liked to sheepishly follow others. Decades ago, when I was 10 years old, our school teacher gave us a mathematical problem to solve cooperatively. I immediately found a short solution, and shared it with the others. They dismissed it and decided to elaborate one of their own. How proud I was when our teacher validated my answer and not theirs.

During my job interviews, I genuinely make an effort to understand and value the programming decisions, mostly the architectural ones, that my yet-to-be colleagues made in the projects I’m asked to collaborate in. How could I not show my surprise when they tell me:

  • We can’t use Docker / Kubernetes because our setup is too complex
    • What? They are used at Google, I don’t think they have a simpler setup.
  • We prefer vanilla JavaScript to React, because it wouldn’t scale for us.
    • What? It’s used at Facebook, I don’t think they have a smaller scale.

About legacies

I just stumbled upon the job offer that BeTIX 1the company where I had been working for the last 3 years, up to two months ago published to fill the vacancy I left.

Here it goes.

Role & Responsibilities

  • Reporting to the CTO, to be the reference in the Front development of the own platform. 2this is the same promise they made to me during my face to face job interview (after delivering a stellar solution to their job challenge) to entice me, but they were never able to hand over anything to me of their huge AngularJS platform in the next 3 years
  • Lead a migration project from AngularJS to a more current efficient solution, possibly VueJS. 3this is what I suggested just two months after I started working there; I had compiled and shared with them a GitLab repo with work-in-progress documents, describing all the steps I envisioned to migrate their big ball of mud, AngularJS, ES5 app to a well architected, VueJS, ES6+ app; they never ever gave me any feedback, until this posthumous job offer
  • Ensure the highest quality of the software developed. 4the newcomer will find the bar quite high indeed; the only feedback I got from the general manager was his praise of my excellent programming skills
  • Possibility of managing a team. 5this was also part of the initial enticing offer they made to me, but the initial team of 2.5 frontend developers shrank to one of 1.5 after a few months; I was the 1 and the .5 was another guy which (in his other .5) also developed the Java middleware; he had been doing both since the start of the company (7 years ago)

Skills & Qualifications

  • Empathy with our Product, high communication skills and a desire to understand how our BeTIX platform works. 6did I say anything about a big ball of mud? be ready for it
  • Experience of at least 4 years in FrontEnd development and specifically with AngularJS. 7this will be of little help to you, as it was to me; not only because of the big ball of mud, but also because the original developers who chose AngularJS, and knew how to create an AngularJS app, had left the company years before my arrival; now you will find misuses at many levels, together with indiscriminate use of $scope and timeouts, be ready for it
  • Ability to build leadership based on both technological mastery and the ability to combine team, tasks and effort, leading by example.
  • Committed, positive, decisive, empathetic person, with the ability to work in a team and quality-oriented.
  • Aligned with continuing to build the best Product on the Market to provide the best services to our Clients

Benefits

  • Face-to-face 4 days a week
  • 1 day remote
  • Office in Barcelona Center 8nice and spacious office, in the most central street, close to public transportation of any kind, but a bit expensive to eat out, be ready for it
  • Indefinite contract
  • Flexible schedule
  • Solid, growing and sustainable project
  • REAL growth possibility 9I doubt it, the company was very small (15 employees) when I joined it, and it was much smaller when I left (5 employees)