Study: 97% Of NodeJS Projects Depend On Package Containing npm Creator's Shopping List

May 7, 2017


CAMBRIDGE - In a press conference today, MIT researchers unveiled their discovery from an exhaustive analysis of the entire NodeJS package manager (npm) repository: nearly every package in existence has a direct or indirect dependency on "shopping-list", which is nothing more than a text file written by npm creator Isaac Schlueter listing things he needed to buy from the supermarket in mid-October of 2010. The month-long study found that approximately 462,000 of the nearly half-million available entries in the npm catalogue would call into existence a fresh copy of stufftobuy.txt upon executing the "npm install" command.

Documents released by the research team indicate that the shopping-list package was likely an accidental addition by Schlueter to the npm repository in its infancy. A careless package.json incorporation by an unknown adjunct repository package was all that was needed for shopping-list to mushroom into one of the most installed packages on the site. One researcher remarked that this outcome was unsurprising, since "nobody knows what the hell is inside their node_modules directory anyway, everyone just installs a ton of crap without consideration of its composition".

When questioned by reporters, the research team indicated it was highly skeptical of the necessity of a simple text file containing strings like "granola bars", "bananas", and "toilet paper", but since the file was not even 1 kilobyte in size, it was probably prudent to just leave it be. The team made it clear that, although it was out of the purview of their study, it would be computationally feasible - though expensive - to conclusively determine if any packages in the repository actually required the presence of strings like "band aids" and "shaving cream" inside stufftobuy.txt to operate properly.

