Insurance against LeftPad level events
When it comes to dependencies, there are two extremes in software development: complete ownership of everything right down to the abstract data types, e.g. “Yes I write my own open addressing hash table and hash map”; or, at the other end, grabbing strangers’ code left, right and centre, e.g. “I’d rather have a dependency on some random, 12-line implementation of LeftPad because that’s one less thing to bugfix, debug and maintain”. As with all computer science trade-offs, the majority feel comfortable somewhere in the middle. Done properly, I see the elegance of relying on small, composable dependencies, but perhaps I’m overcompensating for my years of suffering in enterprise corporations, filling out forms to use an open source library. (No really, apply here.)
One alternative is to keep regular backups elsewhere. An unpleasant task, but one I have made easier with, surprise surprise, an npm package, npm-rescue.
This handy tool backs up every node_modules directory it finds into a single git repository. Each npm project is persisted to its own branch. Back up as often as you like and git will manage the changes efficiently. If ever a dependency disappears by LeftPad-style “liberation”, you can find the necessary files in your backup git repository.
It’s my hope you’ll never need to.
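The layout described above (one backup repository, one branch per project) can be sketched in shell as an added example. It is not npm-rescue's own code; the function name `backup_node_modules`, the branch naming scheme and the commit identity are assumptions made for illustration.

```sh
#!/bin/sh
# Added illustration, not npm-rescue's code: snapshot every node_modules
# directory under a root onto its own branch of one bare git repository.
# backup_node_modules and the branch naming scheme are hypothetical.

backup_node_modules() (
    root=$1 repo=$2
    [ -d "$repo" ] || git init -q --bare "$repo" || exit 1
    repo=$(cd "$repo" && pwd)
    tmp=$(mktemp -d) || exit 1
    trap 'rm -rf "$tmp"' EXIT
    # Identity for the backup commits (constructed values).
    export GIT_AUTHOR_NAME=backup GIT_AUTHOR_EMAIL=backup@localhost
    export GIT_COMMITTER_NAME=backup GIT_COMMITTER_EMAIL=backup@localhost
    export GIT_DIR="$repo"

    # -prune: take each project's top-level node_modules; nested ones are
    # stored as ordinary subdirectories of that snapshot.
    find "$root" -type d -name node_modules -prune -print |
    while IFS= read -r nm; do
        project=$(cd "$nm/.." && pwd)
        # Flatten the project path into a ref-safe branch name
        # (distinct paths could collide after flattening).
        branch=$(printf '%s' "$project" | LC_ALL=C tr -c 'A-Za-z0-9_-' '_')
        # A throwaway index keeps projects from seeing each other's files.
        export GIT_INDEX_FILE="$tmp/index"
        rm -f "$GIT_INDEX_FILE"
        # -f also captures files that ignore rules would silently drop.
        (cd "$nm" && git --work-tree=. add -A -f .) || exit 1
        tree=$(git write-tree) || exit 1
        parent=$(git rev-parse -q --verify "refs/heads/$branch") || parent=
        # Unchanged since the last run: do not add an empty commit.
        if [ -n "$parent" ] &&
           [ "$(git rev-parse "$parent^{tree}")" = "$tree" ]; then
            continue
        fi
        commit=$(git commit-tree "$tree" ${parent:+-p "$parent"} \
                 -m "backup of $project/node_modules") || exit 1
        git update-ref "refs/heads/$branch" "$commit" || exit 1
    done
)
```

Call it as `backup_node_modules ~/src ~/node-backups.git` (both paths are placeholders). A vanished package can then be read back from the project's branch, for example with `git --git-dir=<repo> archive <branch> <package-dir> | tar -x -C node_modules`.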