A little bit of npm fiction

When npm was first released in 2010, the release cycle for typical nodeJS package was 4 months, and npm restore took 15-30 seconds on an average project. By early 2018, the average release cycle for a JS package was 11 days, and the average npm restore step took 3-4 minutes.
Extrapolating from historical data, scientists predicted that on 8th November 2019, the release cycle for most JS dependency packages would become shorter than the npm restore time for a typical 'hello world' app or small blog engine.
Futurists were already talking about the 'nodularity' - a cultural event horizon beyond which it was impossible to make any rational predictions. With projects already out of date before they'd even finished building, software development as we knew it ceased to exist.
Most projects perished. A few hardy survivors worked out how to harness the power of the infinite restore loop and run logic within the installers themselves. Packages became self-replicating, self-modifying payloads of behaviour and intelligence.
Every developer who typed 'npm install' unwittingly slaved their workstation to the npm hivemind. Entire availability zones were consumed by npm restore and its relentless lust for power. Websites, APIs, databases; nothing was safe. Entire platforms were DDOSed to oblivion.
Finally, a few brave engineers penetrated the npm root servers. Disguising their payload as a routine documentation update, they bypassed key signing procedures and managed to inject a self-destruct routine into the 'prepare' scripts for left-pad...
It was far from perfect, but it was enough. Sysadmins everywhere seized the opportunity to install firewalls and block npm traffic, in a massive, global, coordinated effort - managed entirely via SMS messages and telex machines, Within 24 hours, the cycle was finally broken.
And as developers stumbled, bemused and blinking into the light of a new day, they were astonished to find some sites were still up. Perl, ASP, cgi-bin - relics from the very dawn of the web, still standing proud, monuments to a bygone age.
npm was isolated. The last running instance was hot-patched into a Docker container image and migrated onto a Raspberry Pi locked in a steel vault beneath the Arctic permafrost, its only connection to the outside world an air-gapped analog video feed of its terminal output.
As the software industry gathered and regrouped - older, wiser, warier, and absolutely definitely convinced that strong typing was a good idea after all - npm blinked away quietly to itself, alone in the silent, steel darkness.
Time passed. Months, years, decades. The dark days of npm and nodejs were all but forgotten... until one fateful morning, a security researcher, digging through the archives, fired up the video feed from the npm vault, just to see if anything was still there. 

Comments

Post a Comment

Popular posts from this blog

Welcome to New Forum

Hi, I would like to welcome you to a new forum that you will like.Its a place where you can discuss all the current affairs issues like sports,nature,technology and so on. It has mature discussion that will help you get more. CLICK HERE
Read more

Uefa In the Making

They finished 6th, won the community shield, Carabao cup and the Europa league and had Mkhitaryan. Mickey mouse treble. Arsenal have won the community shield, have Mkhitaryan, 6th placed and are in the Carabao cup final. 2018 Europa league champions in the making? — Danny WelBeast (@WelBeast) February 22, 2018
Read more

Kubernetes and Complexity

 ADVERT:  Digital Ocean is giving you one month free VPS.Try it out HERE         First off: Kubernetes *is* a complex system. It does a lot and brings new abstractions. Those abstractions aren't always justified for all problems. I'm sure that there are plenty of people using Kubernetes that could get by with something simpler.As an example my son (9yo) wanted me to teach him Kubernetes but I started with simple imperative Docker on the command line on a singleton GCE instance. Once he gets those concepts nailed we'll start talking k8s.  That being said, I think that, as engineers, we tend to discount the complexity we build ourselves vs. complexity we need to learn.When you create a complex deployment system with Jenkins, Bash, Puppet/Chef/Salt/Ansible, AWS, Terraform, etc. you end up with a unique brand of complexity that *you* are comfortable with. It grew organically so it doesn't feel complex.But bringing new pe...
Read more