Hacker News: NoNameProvided's comments

I understand the general point you're making, but the pg package isn’t a good example. It has 6 deps, not 13, and 5 of those are internal packages from the same monorepo without additional dependencies. There’s only a single external dependency, and that one brings in just one additional package.

In my opinion, the pg repo and packages are an example of how OSS stuff should be maintained. Clean repo, clean code, well-maintained readme, and clearly focus on keeping things simple instead of overcomplicating.


Fair point, I was counting what lands in node_modules rather than direct deps. And most of those are brianc's monorepo packages so the trust surface is way smaller. Bad example on my part.


You still need to pull 13 extra deps that could be compromised.
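The disagreement above is really about which count you take: what package.json declares versus what the lock file actually installs. As an added example (not code from the thread or from the pg project), here is a small script that reads a package-lock.json v3 `packages` map and reports both numbers per direct dependency, plus one hygiene check a reviewer of a lock file would want: entries with no `integrity` hash. The lock data is constructed for illustration with made-up package names, and the script assumes a flat install (every package resolves at `node_modules/<name>`, no nested `node_modules` trees).

```javascript
// Added example: direct vs. transitive package counts from a package-lock.json v3.
// The lock below is CONSTRUCTED for illustration; the package names are made up.
// Assumption: flat install, so every package resolves at "node_modules/<name>".
const constructedLock = {
  lockfileVersion: 3,
  packages: {
    "": { dependencies: { "db-client": "^1.0.0", "tiny-logger": "^2.0.0" } },
    "node_modules/db-client": {
      version: "1.0.0", integrity: "sha512-PLACEHOLDER",
      dependencies: { "db-pool": "^1.0.0", "db-types": "^1.0.0", "db-pass": "^1.0.0" },
    },
    "node_modules/db-pool": { version: "1.0.0", integrity: "sha512-PLACEHOLDER" },
    "node_modules/db-types": {
      version: "1.0.0", integrity: "sha512-PLACEHOLDER",
      dependencies: { "parse-array": "^1.0.0", "parse-date": "^1.0.0" },
    },
    "node_modules/parse-array": { version: "1.0.0", integrity: "sha512-PLACEHOLDER" },
    "node_modules/parse-date": { version: "1.0.0", integrity: "sha512-PLACEHOLDER" },
    "node_modules/db-pass": {
      version: "1.0.0", integrity: "sha512-PLACEHOLDER",
      dependencies: { "split-lines": "^1.0.0" },
    },
    // integrity deliberately missing: npm cannot verify this tarball at install time
    "node_modules/split-lines": { version: "1.0.0" },
    "node_modules/tiny-logger": { version: "2.0.0", integrity: "sha512-PLACEHOLDER" },
  },
};

// Direct dependencies: what package.json declares (the root "" entry of the lock).
function directDependencies(lock) {
  return Object.keys(lock.packages[""].dependencies || {});
}

// Every package reachable from `name` (not counting `name` itself).
// Names with no lock entry are collected rather than thrown: a dangling
// reference in a lock file is itself something to report.
function transitiveClosure(lock, name) {
  const reached = new Set();
  const unresolved = new Set();
  const queue = [name];
  while (queue.length > 0) {
    const current = queue.shift();
    const entry = lock.packages[`node_modules/${current}`];
    if (!entry) { unresolved.add(current); continue; }
    for (const dep of Object.keys(entry.dependencies || {})) {
      if (dep === name || reached.has(dep)) continue;
      reached.add(dep);
      queue.push(dep);
    }
  }
  return { reached, unresolved };
}

// Per-direct-dependency view plus a simple lock-file hygiene check.
function summarize(lock) {
  const direct = directDependencies(lock);
  const installed = Object.keys(lock.packages).filter((k) => k !== "").length;
  const perDirect = {};
  for (const name of direct) {
    const { reached, unresolved } = transitiveClosure(lock, name);
    perDirect[name] = { transitive: reached.size, unresolved: [...unresolved] };
  }
  const missingIntegrity = Object.entries(lock.packages)
    .filter(([k, entry]) => k !== "" && !entry.integrity)
    .map(([k]) => k.replace(/^node_modules\//, ""));
  return { direct, installed, perDirect, missingIntegrity };
}

const report = summarize(constructedLock);
console.log(JSON.stringify(report, null, 2));
```

On the constructed lock this reports 2 direct dependencies but 8 installed packages, 6 of them pulled in by `db-client` alone, and flags `split-lines` as unverifiable. Entries that legitimately lack `integrity` (git or local `link` dependencies) would show up in the same list, so the check is a prompt to look, not a verdict.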


Can somebody provide an archive link? Trying to access the site, I get a Cloudflare security page that says my access has been blocked by some security rules.




Thank you!


The target audience also includes Angular developers. NestJS emulates several aspects, such as modules, that it doesn't necessarily need, to mimic Angular's appearance.

I cannot pass judgment on whether this is good or bad, but I can easily see how this familiarity can be beneficial for the average programmer.


> For a long time NestJS depended on class-validator ... and regularly suffers from security vulnerabilities that can take years to fix.

As a maintainer of class-validator, I'd like to clarify that this is not accurate. Legitimate security issues, when reported, are promptly addressed. The multi-year security alert listed in NIST NVD is akin to the bogus report that the curl maintainer discussed a few months ago.

In a nutshell, the report suggests that specific settings can potentially lead to validation bypass, which is indeed the case because these settings determine whether unknown objects should fail or pass the validation. This is analogous to my creating a CVE for Windows simply because anyone can access my computer when I haven't set a password.

However, the other part about the scare support is sadly true though.
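The point in the comment above is that how a validator treats an object with no validation metadata is itself a configuration decision, and the permissive choice is what the reported "bypass" amounts to. As an added example (not class-validator's code), here is a toy validator that makes both modes concrete. The names `registerSchema`, `validate`, `outcome` and the `LoginDto` class are chosen for this illustration; only the option name `forbidUnknownValues` mirrors class-validator's real option, which that library defaults to `true` since 0.14.

```javascript
// Added example, not class-validator code: a toy validator showing why the
// handling of an object with no validation metadata is a security setting.
// registerSchema/validate/outcome/LoginDto are illustration names; the option
// name forbidUnknownValues mirrors class-validator's option of the same name.
const schemas = new Map(); // constructor -> { field: predicate }

function registerSchema(ctor, rules) {
  schemas.set(ctor, rules);
}

// Returns an array of errors; an empty array means "valid".
function validate(value, options = { forbidUnknownValues: true }) {
  const rules =
    value !== null && typeof value === "object" ? schemas.get(value.constructor) : undefined;
  if (!rules) {
    // "Unknown value": no metadata says what this object must look like.
    // Strict mode rejects it; permissive mode has no rule to fail, so it passes.
    return options.forbidUnknownValues
      ? [{ property: "<root>", message: "unknown value passed to validate" }]
      : [];
  }
  const errors = [];
  for (const [field, predicate] of Object.entries(rules)) {
    if (!predicate(value[field])) errors.push({ property: field, message: `${field} is invalid` });
  }
  return errors;
}

class LoginDto {
  constructor(username, password) {
    this.username = username;
    this.password = password;
  }
}
registerSchema(LoginDto, {
  username: (v) => typeof v === "string" && /^[a-z0-9_]{3,32}$/.test(v),
  password: (v) => typeof v === "string" && v.length >= 12,
});

function outcome(value, forbidUnknownValues) {
  return validate(value, { forbidUnknownValues }).length === 0 ? "accepted" : "rejected";
}

// A real DTO instance is checked against its rules in either mode.
console.log(outcome(new LoginDto("alice", "short"), false)); // rejected
// A request body parsed with JSON.parse is a plain object: no metadata attached.
const body = JSON.parse('{"username":"","password":""}');
console.log(outcome(body, false)); // accepted  <- permissive: no rules, nothing fails
console.log(outcome(body, true));  // rejected  <- strict: unknown values are an error
```

The defensive reading of this is twofold: keep the strict setting on, and make sure what reaches `validate` is actually an instance carrying metadata (in a NestJS pipe that is the transform step, for example class-transformer's `plainToInstance`), since a raw parsed body never is.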


I think most of the bad rep for RxJS comes from using it when it is not needed.

Parent comment said:

> But the problems they solve are also unintuitive.

Do you consider calling a JSON API unintuitive or complex? If not, then you may be using the wrong tool. If you need nothing else, you are perfectly fine using a promise.

If you need to await extra requests, transform them, and react to other events then you need RxJS. For a simple call, you do not.

> I would imagine most people’s use case (mine certainly is) for RxJS boils down to “call a JSON API and receive a response”. That shouldn’t be a hard problem

Do you consider the following code hard to understand, or are you making requests in a more complex way?

```javascript
this.network.get('<url>').subscribe(response => <do whatever you want here>)
```

Even if we agree to disagree that the above code snippet is hard to understand, you can just convert it to a promise:

```javascript
const response = await lastValueFrom(this.network.get('<url>'))
```
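To make the promise conversion in the comment above concrete without pulling in rxjs, here is an added example (not rxjs code) with a minimal `Observable`, a synchronous `of()` source, and hand-rolled `lastValueFrom`/`firstValueFrom` that follow the same contract: resolve with the last (or first) value, reject on error, and reject when the stream completes without ever emitting. `fakeGet` is a constructed stand-in for `this.network.get` that returns a fixed response after a short delay.

```javascript
// Added example, not rxjs code: a minimal Observable plus hand-rolled
// lastValueFrom / firstValueFrom. fakeGet stands in for this.network.get
// and emits a CONSTRUCTED response after a short delay.
class Observable {
  constructor(producer) {
    this.producer = producer; // (observer) => optional teardown function
  }
  subscribe(observer) {
    let closed = false;
    // Guard the observer so nothing is delivered after error/complete/unsubscribe.
    const safe = {
      next: (v) => { if (!closed && observer.next) observer.next(v); },
      error: (e) => { if (!closed) { closed = true; if (observer.error) observer.error(e); } },
      complete: () => { if (!closed) { closed = true; if (observer.complete) observer.complete(); } },
    };
    const teardown = this.producer(safe) || (() => {});
    return { unsubscribe: () => { closed = true; teardown(); } };
  }
}

// Synchronous source: emits each argument, then completes.
function of(...values) {
  return new Observable((observer) => {
    for (const v of values) observer.next(v);
    observer.complete();
  });
}

// Resolves with the LAST emitted value once the source completes.
// Rejects if the source errors, or completes without emitting anything.
function lastValueFrom(source) {
  return new Promise((resolve, reject) => {
    let hasValue = false;
    let last;
    source.subscribe({
      next: (v) => { hasValue = true; last = v; },
      error: reject,
      complete: () => (hasValue ? resolve(last) : reject(new Error("no elements in sequence"))),
    });
  });
}

// Resolves with the FIRST value and unsubscribes; later values are ignored.
function firstValueFrom(source) {
  return new Promise((resolve, reject) => {
    let done = false;
    let sub = null;
    sub = source.subscribe({
      next: (v) => { if (!done) { done = true; resolve(v); if (sub) sub.unsubscribe(); } },
      error: (e) => { if (!done) { done = true; reject(e); } },
      complete: () => { if (!done) reject(new Error("no elements in sequence")); },
    });
    if (done) sub.unsubscribe(); // a synchronous source delivered before subscribe() returned
  });
}

// Constructed stand-in for an HTTP client: one response, then completion.
function fakeGet(url, { fail = false } = {}) {
  return new Observable((observer) => {
    const timer = setTimeout(() => {
      if (fail) observer.error(new Error(`GET ${url} failed`));
      else { observer.next({ url, payload: [1, 2, 3] }); observer.complete(); }
    }, 10);
    return () => clearTimeout(timer); // teardown cancels the pending response
  });
}

async function main() {
  const response = await lastValueFrom(fakeGet("/api/items"));
  console.log(response.payload);                  // [1, 2, 3]
  console.log(await lastValueFrom(of(1, 2, 3)));  // 3
  console.log(await firstValueFrom(of(1, 2, 3))); // 1
  try { await lastValueFrom(of()); } catch (e) { console.log(e.message); } // no elements in sequence
  try { await lastValueFrom(fakeGet("/api/items", { fail: true })); } catch (e) { console.log(e.message); }
}
main();
```

The empty-stream rejection is the case that surprises people moving from `.subscribe()` to `await`: a subscription that simply never gets a value fails silently, whereas the promise form turns it into a rejection you have to handle.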


No, that call isn’t difficult. What is more difficult are examples given on things like Angular University, where there are pipe, subscribe, catchError, among others, in a single call chain. It’s not obvious to me at all what the order of execution is in this call chain for instance:

    // rxjs 7 exports these operators from the package root;
    // http$ is an Observable of the raw HTTP response.
    import { map, catchError, finalize, throwError, of } from 'rxjs';

    http$
        .pipe(
            map(res => res['payload']),
            catchError(err => {
                console.log('caught mapping error and rethrowing', err);
                return throwError(err);
            }),
            finalize(() => console.log("first finalize() block executed")),
            catchError(err => {
                console.log('caught rethrown error, providing fallback value');
                return of([]);
            }),
            finalize(() => console.log("second finalize() block executed"))
        )
        .subscribe(
            res => console.log('HTTP response', res),
            err => console.log('HTTP Error', err),
            () => console.log('HTTP request completed.')
        );

Once you see the output it begins to finally make sense, but intuitive it is not.


If you look at a snippet of code in a language you don’t understand you wouldn’t call it intuitive. Once you learn the language you might see that what was unintuitive before is intuitive and idiomatic now.

Once you learn how RxJS works, examples like the one above are intuitive.

Angular 2’s most egregious crime is that their tutorials try to make it (and RxJS) seem “simple”. They aren’t. They’re powerful.


> I can just note that our Angular code seems to be much harder to maintain than our React code.

A big part of maintainability comes from the quality of code and/or existing experience with the two frameworks, not the frameworks itself.

I work at an Angular-only shop; if we were to write some React, it would probably be harder for us to maintain than the Angular code.


Angular did have it, it is called RxJS.


Thanks for this! There are more than 400 comments here, so my post will probably be buried instantly, but I just need to share this with someone!

I have just finished playing A Plague Tale: Requiem[1] a few days ago, and I spent the last two days with this strange feeling of sadness, almost grieving. It is such a masterpiece of emotions: the story of the bond of a sister and brother who went through hell to save the boy.

I remember the first game had the same effect when I played it the first time. For days I was left with a mix of sadness and happiness. The developers have been successful in creating such a strong bond to the characters that I felt I was practically there next to them, experiencing the pain and the happy moments alike.

I really suggest everyone who has the smallest intention to play games to experience these two masterpieces[2][3]. (You definitely need to play the first game to be able to experience the second to its fullest.)

Since we are on HN, one technical detail that impressed me so much is the number of unique animations they created to give life to the world around us and to show the bond between the two of them. Like how Amicia waits for Hugo to get down from the ladder every time, or how Amicia picks Hugo up multiple times during the storyline to carry him.

Thanks for letting me share this, I hope all of you have a nice day!

[1]: https://www.youtube.com/watch?v=zoEwC2TxiMA
[2]: https://store.steampowered.com/app/752590/A_Plague_Tale_Inno...
[3]: https://store.steampowered.com/app/1182900/A_Plague_Tale_Req...


> There are more than 400 comment here, so my post will be probably buried instantly

For you and other late repliers: there really are people (like me) scanning the answers. I was also late-ish, and still people read it. It's really nice to see the variety of interests people have, even though –understandably– much of it is on the geeky/nerdy side. We do flock together, after all.

> Thanks for letting me share this, I hope all of you have a nice day!

You too!


From OP post:

> ...team is great and lot of interesting challenges...

A great team and exciting challenges are a strong retaining factor, and I dare to say, it's way harder to find a job that excites you than one which pays well.


It's worth a note that this was introduced with the latest DLC, and the AI currently is hopelessly broken as it does not understand the importance of defending your railway lines connecting your supply depots.

