Read on Twitter
Marketing claim: "Small packages let them be focused and simple, so there are fewer bugs!"
Reality: this dedent library solves a simple problem, is installed millions of times every week, and is broken:
> String.raw`a\\nb`
'a\\\\nb'
> dedent(String.raw`a\\nb`)
'a\\nb'
Reality: this dedent library solves a simple problem, is installed millions of times every week, and is broken:
> String.raw`a\\nb`
'a\\\\nb'
> dedent(String.raw`a\\nb`)
'a\\nb'
Peeked at the source. No one will be surprised to learn that this is because the author forgot an anchor on a regex.
I'd PR a fix, but the package is de facto unmaintained despite hundreds of millions of installs per year.
Meanwhile, Python's standard library ships with a dedent that works just fine (of course):
>>> dedent("a\\nb")
'a\\nb'
>>> dedent(r"a\\nb")
'a\\\\nb'
That's maintained by the Python core team, which is backed by the Python Software Foundation, which is a funded non-profit.
>>> dedent("a\\nb")
'a\\nb'
>>> dedent(r"a\\nb")
'a\\\\nb'
That's maintained by the Python core team, which is backed by the Python Software Foundation, which is a funded non-profit.
The JS ecosystem believes that tiny packages with decentralized maintainership are best, but it also put all of those packages in a centralized repository owned by a private for-profit company, so it gets to experience the risks and failures of both of those mistakes.
A better alternative: a giant "stringutils" package that everyone depends on. The underscore/lodash model isn't as good as a true standard library but it's superior to a million "isEven" and "leftPad" and "dedent" functions, all unmaintained and with their own bugs.
I tried another dedent package on npm. It's not broken in this way, but it's broken in a different and even worse way.
Package #3 is based on the first package, and copies over its regex bug due to lack of anchor.
Package #4 treats spaces as tabs as interchangeable, which is also wrong.
Package #5 has the same bug regarding "\\n" in a raw string.
What do I do here? Write another dedent library? Or I guess I could continue evaluating the 6th through 25th packages on npm that match "dedent"...
Python's dedent is shorter than most of these NPM packages, radically easier to read, and doesn't contain any of the various bugs that plagued the five dedent libraries that I tried from NPM. https://github.com/python/cpython/blob/eb97b9211e7c99841d6cae8c63893b3525d5a401/Lib/textwrap.py#L414
(This is 0% about the authors of the packages. The design of the NPM ecosystem itself encourages this kind of failure, whereas the Python standard library's maintenance policies encourage a stable, well-maintained, high-quality library. 19 people have touched that Python file.)
