A little bit of npm fiction

When npm was first released in 2010, the release cycle for typical nodeJS package was 4 months, and npm restore took 15-30 seconds on an average project. By early 2018, the average release cycle for a JS package was 11 days, and the average npm restore step took 3-4 minutes.
Extrapolating from historical data, scientists predicted that on 8th November 2019, the release cycle for most JS dependency packages would become shorter than the npm restore time for a typical 'hello world' app or small blog engine.
Futurists were already talking about the 'nodularity' - a cultural event horizon beyond which it was impossible to make any rational predictions. With projects already out of date before they'd even finished building, software development as we knew it ceased to exist.
Most projects perished. A few hardy survivors worked out how to harness the power of the infinite restore loop and run logic within the installers themselves. Packages became self-replicating, self-modifying payloads of behaviour and intelligence.
Every developer who typed 'npm install' unwittingly slaved their workstation to the npm hivemind. Entire availability zones were consumed by npm restore and its relentless lust for power. Websites, APIs, databases; nothing was safe. Entire platforms were DDOSed to oblivion.
Finally, a few brave engineers penetrated the npm root servers. Disguising their payload as a routine documentation update, they bypassed key signing procedures and managed to inject a self-destruct routine into the 'prepare' scripts for left-pad...
It was far from perfect, but it was enough. Sysadmins everywhere seized the opportunity to install firewalls and block npm traffic, in a massive, global, coordinated effort - managed entirely via SMS messages and telex machines, Within 24 hours, the cycle was finally broken.
And as developers stumbled, bemused and blinking into the light of a new day, they were astonished to find some sites were still up. Perl, ASP, cgi-bin - relics from the very dawn of the web, still standing proud, monuments to a bygone age.
npm was isolated. The last running instance was hot-patched into a Docker container image and migrated onto a Raspberry Pi locked in a steel vault beneath the Arctic permafrost, its only connection to the outside world an air-gapped analog video feed of its terminal output.
As the software industry gathered and regrouped - older, wiser, warier, and absolutely definitely convinced that strong typing was a good idea after all - npm blinked away quietly to itself, alone in the silent, steel darkness.
Time passed. Months, years, decades. The dark days of npm and nodejs were all but forgotten... until one fateful morning, a security researcher, digging through the archives, fired up the video feed from the npm vault, just to see if anything was still there. 

Comments

Post a Comment

Popular posts from this blog

Why i Love Haskell

  ADVERT:  Digital Ocean is giving you two months free VPS.Try it out HERE       Recently someone asked me what I liked about Haskell and if I thought it was the best language. I said I liked it, but it wasn't the best.I like Haskell because it lets me build larger systems, more easily, and with less hassle, than any other lang I've used. It feels much more solid in the hand, like a quality hammer, compared to eg Python, which to me feels fragile, and cheap. I'll put more confidence in Haskell.Haskell solves pretty much all issues that arise for small to medium sized projects and many that arise for large and very large projects. This is unlike Python/Java/C/PHP/Bash/C#/Scala which have issues at all scales. (I will collectively call them Python#++)       As we look at ever larger Haskell codebases, while Haskell allows us to work with them orders of magnitude better than any language I have used, and while it guards us from outright bugs a
Read more

Welcome to New Forum

Hi, I would like to welcome you to a new forum that you will like.Its a place where you can discuss all the current affairs issues like sports,nature,technology and so on. It has mature discussion that will help you get more. CLICK HERE
Read more

Feature Branching and GitHub

ADVERT:  Digital Ocean is giving you one month free VPS.Try it out HERE Today I'd like to talk about feature branching and GitHub—how we got here, what they are (and aren't) good for, why that matters, and what you can do instead. Join me, friends!       First, a definition: "Continuous Integration is the practice of merging all developer working copies to a shared mainline several times a day." That's from about 1998(!).That's what CI is: developers merging to master, often working in pairs, and shipping artifacts, _at least_ once a day. Here's what it's not: a piece of infrastructure, something your DevOps team does for you, or running tests against your feature branches. Why talk about CI? Because most teams who feature branch aren't CIing. It's a process, not a tool. It is something that you as a team choose to do, or not. You don't need a CI server to do CI. You can have one and not do it.      Th
Read more