
`padLeft` can't just inject itself into a software stack right? So there's an incentive to be valuable enough to be included.



Depends on how you do the accounting. "Well, you don't use padLeft, but 15 packages you depend on do, and 68 packages that those packages depend on do... Altogether you're looking at 348 instances of padLeft."


If there were a metric that would make each instance of padLeft worth a tiny amount of money (for such a tiny library), that sounds like a reasonable outcome to me.

EDIT: I may be missing part of the point


A trivial way to exploit this kind of system, I think, would be to write LegitimatelyUsefulLibrary, then write 1,000 PadLeft projects, and make LegitimatelyUsefulLibrary depend on all of them.

Since you are the one marking the dependency of LegitimatelyUsefulLibrary on your PadLeft projects, you can game the metrics however you’d like when making it.


But why would I, as a developer, use such a library? It would cut me out of profits unnecessarily. In fact when I’m picking my dependencies I will deliberately avoid those that take a larger slice of the pie than is worth it for me.


If I remember the story correctly the padLeft dev was actually pretty notorious for submitting patches to open source projects that 'coincidentally' added dependencies on his code.


Sources?



