Profile picture
Dylan Beattie 🇪🇺 @dylanbeattie
, 11 tweets, 2 min read Read on Twitter
When npm was first released in 2010, the release cycle for typical nodeJS package was 4 months, and npm restore took 15-30 seconds on an average project. By early 2018, the average release cycle for a JS package was 11 days, and the average npm restore step took 3-4 minutes. 1/11
Extrapolating from historical data, scientists predicted that on 8th November 2019, the release cycle for most JS dependency packages would become shorter than the npm restore time for a typical 'hello world' app or small blog engine. 2/11
Futurists were already talking about the 'nodularity' - a cultural event horizon beyond which it was impossible to make any rational predictions. With projects already out of date before they'd even finished building, software development as we knew it ceased to exist. 3/11
Most projects perished. A few hardy survivors worked out how to harness the power of the infinite restore loop and run logic within the installers themselves. Packages became self-replicating, self-modifying payloads of behaviour and intelligence. 4/11
Every developer who typed 'npm install' unwittingly slaved their workstation to the npm hivemind. Entire availability zones were consumed by npm restore and its relentless lust for power. Websites, APIs, databases; nothing was safe. Entire platforms were DDOSed to oblivion. 5/11
Finally, a few brave engineers penetrated the npm root servers. Disguising their payload as a routine documentation update, they bypassed key signing procedures and managed to inject a self-destruct routine into the 'prepare' scripts for left-pad... 6/11
It was far from perfect, but it was enough. Sysadmins everywhere seized the opportunity to install firewalls and block npm traffic, in a massive, global, coordinated effort - managed entirely via SMS messages and telex machines, Within 24 hours, the cycle was finally broken. 7/11
And as developers stumbled, bemused and blinking into the light of a new day, they were astonished to find some sites were still up. Perl, ASP, cgi-bin - relics from the very dawn of the web, still standing proud, monuments to a bygone age. 8/11
npm was isolated. The last running instance was hot-patched into a Docker container image and migrated onto a Raspberry Pi locked in a steel vault beneath the Arctic permafrost, its only connection to the outside world an air-gapped analog video feed of its terminal output. 9/11
As the software industry gathered and regrouped - older, wiser, warier, and absolutely definitely convinced that strong typing was a good idea after all - npm blinked away quietly to itself, alone in the silent, steel darkness. 10/11
Time passed. Months, years, decades. The dark days of npm and nodejs were all but forgotten... until one fateful morning, a security researcher, digging through the archives, fired up the video feed from the npm vault, just to see if anything was still there. 11/11
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Dylan Beattie 🇪🇺
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

More from @dylanbeattie see all

Profile picture
’Twas the night before Christmas, and all through the room,
The desks cold and empty, alone in the gloom,
The team were all home, on a well-deserved break,
Recalling true meanings of ‘cookies’ and ‘cake’
The code was all tested, all green and no red,
The roadmap was groomed for the year ahead,
The flatscreens were dark, the keyboards were quiet,
And nothing was failing except for my diet,
As I sat on the sofa, and reached for the wine,
I opened up Slack, to see who was online,
I told them I wouldn’t be working today...
But I’ll just check it once, and then put it away,
Read 12 tweets

Related threads

Profile picture
Heya! This thread is going to be a mini-review of the @Surface Go for development purposes. #nodejs #javascript
The Surface Go is a 400 gram Surface device with a 64 bit Intel CPU, and Windows 10.
TLDR: I'm VERY happy. 😊
Read 13 tweets
Profile picture
45 Days Of @ElvisCostello: a twitter megathread in anticipation of the Oct 12 release date of LOOK NOW, the new LP by Elvis Costello & The Imposters

This is either a bright idea or a brilliant mistake, but this is only, this is only, this is only the beginning...
I did something similar to this 5 years ago, in anticipation of EC & @theroots' Wise Up Ghost LP, on tumblr.

(You can still find all those posts if you look, although a lot of the YouTube links etc are now dead ends. It was 40 Days Of EC then, so for 2018 I'm upping it to 45.)
Mostly I will be going chronologically from the early years right up to the present, but it feels right to start out with Costello's 2002 song, "45."

Music Video directed by @jessebdylan


(There's an alternate "diner" version I can't find anywhere online)
Read 2378 tweets
Profile picture
HISTORY -- With Nzekwe Gerald Uchenna

THE STORY OF CHIEF MKO ABIOLA AND THE JUNE 12, 1993 ELECTION -- The Death of An Uncrowned Nigeria President

MKO Abiola was a Nigerian Yoruba businessman, publisher, politician and aristocrat of the Yoruba Egba clan.
The political turmoil endured by the citizens of Nigeria during the final decades of the twentieth century was led by varied group of individuals who wanted the end of Military rule in Nigeria, And One of the most influential Person's then, was Chief Moshood Abiola.
Abiola was the presidential candidate for the Social Democratic Party (SDP) with his promises of change and slogan of “Hope 93”, won states in the north, east and western parts of the country in an election that was later annulled by then president General Ibrahim Babangida,...
Read 110 tweets
Profile picture
Banyak banget yang nanya, ngerjain startup tu asik ya? Gw share dikit ya ilmu gw di per-startup-an selama 13 tahun terakhir. Bakal panjang ya jadi sabar-sabar ngikutinnya
Gw yakin banyak banget di sini yang ngebayangin jadi kaya Mark Zuckerberg gara-gara nonton the social network. Bikin startup tidak seindah itu, apalagi jaman sekarang, PENUH PENDERITAAN. Iya lo ga salah baca. PENUH PENDERITAAN. Tapi bukan berarti ga asik kok sob nanti lo liat
Pengalaman startup pertama gw dimulai tahun 2005. Startup pertama gw adalah sebuat software house. Jaman itu masih ngenes lah. Kenapa ngenes? Itu jamannya masih kalo lo di bidang IT harus bisa jadi superman yang bisa segala macem dan dibayar serendah mungkin
Read 175 tweets
Profile picture
1. The GOP Lacks Strategic Courage - here is my take on #Release the Memo
Once again Trumpians were left holding the bag and having to do a clean-up in aisle 5.
2. The GOP yet again over promised and under delivered. Frustratingly this was not for a lack of information or Democratic malfeasance but from the complete mismanagement by the GOP.
3. The GOP lacks strategic courage to do what needs to be done. The GOP twists itself to accommodate & appease the DNC. The Senate Intelligence Committee took the political scandal of the century and distilled it down into a weak & mealy-mouthed critique of the FBI FISA process.
Read 16 tweets
Profile picture
Forgive the silence if you can.

I've been putting chess pieces in place for 2018, which is going to be a fantastic year. My efforts to help topple Eric Schmidt have not gone unnoticed, as my WordPress honypot was compromised and Yair Rosenberg gave his confession.

(1/3)
I was supposed to scrub the #nodejs affair during the pre-Trump era out of fear, but I did not. I believed it was the key to nail Silicon Valley to the cross if I played my cards right. I did, and thanks to the WordPress compromise points, we can finally talk Guccifer 2.0

(2/3)
Why did NodeJS and GitHub employees collude to erase evidence of trying to intimidate me in 2013? That's the same question as: Why has WordPress been quiet about the data they have on Guccifer2.0?

Dig away, anon. Every disgruntled dev has a database to sell.

(3/3)
Read 5 tweets

Trending hashtags

#Seals #EVIDENCE #CambridgeAnalytica #Evil #Chosen #network #safetyoverspeed #mmm #gagalmaningson #Atlantic #massadoption #HRC #painpoint #nodejs #BadWordSat #Map #hurlyburly #MARKETProtocol #Coup #PUBLIC #concern #Confirmed #cdnpoli #Easter #North

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member and get exclusive features!

Premium member ($3.00/month or $30.00/year)

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!