Read on Twitter
Marketing claim: "Small packages let them be focused and simple, so there are fewer bugs!"
Reality: this dedent library solves a simple problem, is installed millions of times every week, and is broken:
> String.raw`a\nb`
& #39;a\\nb& #39;
> dedent(String.raw`a\nb`)
& #39;a\nb& #39;
Reality: this dedent library solves a simple problem, is installed millions of times every week, and is broken:
> String.raw`a\nb`
& #39;a\\nb& #39;
> dedent(String.raw`a\nb`)
& #39;a\nb& #39;
Peeked at the source. No one will be surprised to learn that this is because the author forgot an anchor on a regex.
I& #39;d PR a fix, but the package is de facto unmaintained despite hundreds of millions of installs per year.
Meanwhile, Python& #39;s standard library ships with a dedent that works just fine (of course):
>>> dedent("a\nb")
& #39;a\nb& #39;
>>> dedent(r"a\nb")
& #39;a\\nb& #39;
That& #39;s maintained by the Python core team, which is backed by the Python Software Foundation, which is a funded non-profit.
>>> dedent("a\nb")
& #39;a\nb& #39;
>>> dedent(r"a\nb")
& #39;a\\nb& #39;
That& #39;s maintained by the Python core team, which is backed by the Python Software Foundation, which is a funded non-profit.
The JS ecosystem believes that tiny packages with decentralized maintainership are best, but it also put all of those packages in a centralized repository owned by a private for-profit company, so it gets to experience the risks and failures of both of those mistakes.
A better alternative: a giant "stringutils" package that everyone depends on. The underscore/lodash model isn& #39;t as good as a true standard library but it& #39;s superior to a million "isEven" and "leftPad" and "dedent" functions, all unmaintained and with their own bugs.
I tried another dedent package on npm. It& #39;s not broken in this way, but it& #39;s broken in a different and even worse way.
Package #3 is based on the first package, and copies over its regex bug due to lack of anchor.
Package #4 treats spaces as tabs as interchangeable, which is also wrong.
Package #5 has the same bug regarding "\n" in a raw string.
What do I do here? Write another dedent library? Or I guess I could continue evaluating the 6th through 25th packages on npm that match "dedent"...
Python& #39;s dedent is shorter than most of these NPM packages, radically easier to read, and doesn& #39;t contain any of the various bugs that plagued the five dedent libraries that I tried from NPM. #L414">https://github.com/python/cpython/blob/eb97b9211e7c99841d6cae8c63893b3525d5a401/Lib/textwrap.py #L414">https://github.com/python/cp...
(This is 0% about the authors of the packages. The design of the NPM ecosystem itself encourages this kind of failure, whereas the Python standard library& #39;s maintenance policies encourage a stable, well-maintained, high-quality library. 19 people have touched that Python file.)
