Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

remove shebang-regex #4

Closed
wants to merge 1 commit into from
Closed

remove shebang-regex #4

wants to merge 1 commit into from

Conversation

crebier-corentin
Copy link

@crebier-corentin crebier-corentin commented Sep 1, 2019
edited
Loading

Hello,

The actual shebang regex is 9 characters long, the import syntaxe is longer than the actual regex and the package also contains a license, a package.json file, a readme and a type definition file !
The package is 2 828 bytes while the regex is only 9 bytes, it is 314 times bigger than the regex.

shebang-command has 9 223 330 weekly downloads, if we remove the package we can save 26 000 567 270 bytes (More than 2,6 Gb) bytes of useless files.

Also more packages means more risk, here's an article talking about it :
I’m harvesting credit card numbers and passwords from your site. Here’s how.

An incident has already happened this year with the package event-stream :
Malicious code found in npm package event-stream downloaded 8 million times in the past 2.5 months

@crebier-corentin
Copy link
Author

crebier-corentin commented Sep 1, 2019
edited
Loading

Seems like the travis errors on node 0.10 and node 0.12 comes from babel

@crebier-corentin crebier-corentin mentioned this pull request Sep 2, 2019
Merged
4 tasks
@kevva
Copy link
Owner

kevva commented Sep 9, 2019

https://blog.sindresorhus.com/small-focused-modules-9238d977a92a

@kevva kevva closed this Sep 9, 2019
@crebier-corentin
Copy link
Author

Making libraries to re-use code isn't a bad thing, but they have an overhead (package.json, license file, import syntax...) and in the case of shebang-regex that overhead is bigger than the code itself.

Moreover the shebang syntax has not changed since 1980 and has zero reason to change so copy-pasting the regex is as usefull as pulling in a package.
The advantage of copy-pasting is having no overhead.

@dmitmel
Copy link

dmitmel commented Nov 1, 2019

Totally agree with @bibo5088. Any decent programmer who knows how to use regular expressions should be able to write a regex that tests whether a string starts with #! or not (this regex is ^#!). What is the reason to move such simple constant into a separate module? It It takes five seconds to write /^#!/, yet now everyone who uses shebang-command has to waste Internet traffic by downloading a copy of the MIT license, package.json and README.md.

@girng
Copy link

girng commented Nov 2, 2019

God, npm works in mysterious ways

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@crebier-corentin @kevva @dmitmel @girng