Why JS Ecosystem is a MESS?

Every month, GitHub dependabot notifications force you to upgrade some dependency or another, so what could possibly go wrong? At least, that's what I thought.

After the upgrade, the project refused to build with the error
Syntax Error: TypeError: eslint.CLIEngine is not a constructor.

Really? A syntax error in a tiny project that was building just fine before the upgrade, and that too, not in the little code I wrote, but in the tooling?

I don't recall any language's environment being "modernized" in this way, becoming so absurdly intricate that one would mistake it for a joke. Naturally, the symptoms were visible with the leftpad.

With each upgrade, I'm sick of seeing breaking changes in WIP projects.

Is this something I'm experiencing alone?

What are your thoughts on the matter?
I'd be delighted to hear it.

Please share your views on this.

Comments

[Andrew Baisden]

Pretty sure this is common across all programming languages. Anytime there are changes or updates to the language bugs and issues sometimes appear. But these get fixed over time.

Dependabot is just doing its job.

Dependabot helps you keep your dependencies up to date. Every day, it checks your dependency files for outdated requirements and opens individual PRs for any it finds. You review, merge, and get to work on the latest, most secure releases. Dependabot is a tool in the Dependency Monitoring category of a tech stack.

stackshare.io/dependabot

[aayush]

It hurts when something breaks for no reason.

[naveennamani]

Too much dependencies makes this even more worse. You install one package which has more than 100 dependencies and those dependencies have again more dependencies and so on. When the depth and breadth of this dependency tree gets minimal, this kind of breaking changes effects less because you have less packages to worry about.

But honestly, once I start a project, I never upgrade or update any packages unless it has some bugs which breaks my progress. Even for updating I create a new gitpod instance, and manually update all major dependencies one by one to detect the spoiler early on.

[aayush]

I guess Ryan was so right when he said NPM was a mistake. I am glad he came up with Deno.

[Ivan Jeremic]

This is not a JS issue that is normal in all languages upgrade test if it fails help fix it util it works then upgrade again and merge.

[aayush]

Not at all. Things are much better in the worlds of Go and Deno.

[Ivan Jeremic]

Not at all you are just repeating stuff you read. Why do you think so manny people are now recreating the package.json as deps.ts, also there is still no solution to someone changing the code of the same version without you even noticing.

[naveennamani]

also there is still no solution to someone changing the code of the same version without you even noticing.

That's an interesting problem

[tzwel]

just don't upgrade when you don't have to

[aayush]

It is not always possible. 🤗