hrbrmstr's Daily Drop

Drop #428 (2024-03-18): Monday Morning Grab Bag

hrbrmstr

Default Handler (macOS-only); Npm Install Everything; Observable Plot Easter Eggs

TL;DR

(This is an AI-generated summary of today’s Drop.)

  • A macOS-only app for managing the default handler for URL schemes is mentioned; source.
  • An experiment titled “Npm Install Everything” is detailed, where hackers attempted to install every package on npm in a single command. This experiment highlighted the limitations of npm, such as the maximum dependency count, and served as a cautionary tale about responsible package management and the importance of understanding the tools and ecosystems developers work within; source.
  • Mihael Ankerst’s Observable Notebook is showcased, presenting a vast collection of interactive visualizations using Observable Plot. This section demonstrates the versatility of Plot through various chart types and data visualization techniques, offering a comprehensive guide for creating high-quality visualizations; source.

Before We Begin

Photo by Pixabay on Pexels.com

Two updates from the weekend Bonus Drop.

A very kind reader notified me about a recent kerfuffle surrounding Thorium. I asked Perplexity to get me up to speed and it did. Needless to say, Thorium has been deleted from all systems and I’m back to ungoogled chromium for the dev-mode projects.

The launch command for that on macOS looks like:

/Applications/Chromium.app/Contents/MacOS/Chromium --incognito --disable-extensions --remote-debugging-port=9222 --user-data-dir=remote-debug-profile http://localhost:3000

Speaking of launching things, I have a separate fork of mdprocs over on codeberg. It has a --just CLI option that will read a tasks from a justfile like the --npm one does for package.json:

The reason for the separate fork is that the current main branch source code for mdprocs on GitHub does not work for me when I just compile it (without my addition) and I really don’t have cycles to debug why. So, this is a mod to the 0.6.3 tagged branch of the official repo. I updated some of the versioned dependencies but more than a few had breaking changes, so those versions remain “old”.

If you have other types of files it should handle, just drop me a note.

Default Handler (macOS-only)

(Quick section.)

Various apps on macOS reassert control over certain URL schemes whenever the app updates, and some even do so — without asking first – on first install. How. Rude.

The folks who make the remote access app Screens took a bit of code which asserted control over the vnc URL scheme, and wrapped it into another app, then expanded it to cover the use case where you need to wrest control over various URL schemes away from daft apps to ones you want to handle them.

Default Handler lets you pick from a gazillion schemes and map them to any other app that says it can handle said scheme.

It does one thing, and does it well.

The section header is all the apps it found to handle https on my system. It even picked up that the Parallels install on my system has some browsers in one of the Windows VMs.

Npm Install Everything

NPM (I honestly never know how to capitalize it) is a big deal in JavaScript land. It’s the OG package manager for that ecosystem and it’s pretty indispensable. Sort of the invisible hand that brings together the pieces of the puzzle, allowing the creation of complex applications from small, reusable code modules. But what happens when someone decides to challenge the very fabric of this ecosystem by attempting to install every single package on npm with a single command? That’s exactly what a group of self-proclaimed hackers did, and the result was nothing short of chaotic (it’s all detailed in “Npm Install Everything: A Hacker’s Experiment in Pushing Boundaries“).

The experiment was simple in concept: create a package with every other npm package listed as a dependency and run npm install. However, npm’s limitations quickly became apparent, as it only allows a package to directly depend on 800 others, a far cry from the 2.5 million available. This limitation was the first of many hurdles the team encountered, but it was far from the last. Their endeavor was a perfect example of true hacker culture, which thrives on creatively overcoming the limitations of software systems for novel outcomes.

The usefulness of this experiment might not be immediately clear to the casual observer. After all, why would anyone need to install every npm package? The answer lies not in the practicality of the outcome but in the insights gained from the process (ultimately, this is what makes a hacker a hacker). This digital field trip into the heart of npm’s infrastructure revealed the strengths and weaknesses of that package management system. It highlighted the dependency resolution algorithm, the robustness of npm’s network, and the potential for unforeseen consequences when the system is pushed to its limits.

For the rest ofus, the npm “Install Everything” saga serves as a cautionary tale and a reminder of the importance of responsible package management. It underscores the cascading effects that dependencies can have and the need for mindfulness in package creation, maintenance, and consumption. The experiment also sheds light on npm’s policies, particularly around unpublishing packages, and how they might be exploited or improved.

So, should you, dear reader, embark on your own npm “Install Everything” adventure? Probably not! But you should certainly appreciate the audacity of those who did and take away the lessons their experiment provided. It’s a reminder that the tools we use every day are not just utilities but living ecosystems that grow and evolve, often in unexpected ways. And for those with a hacker’s curiosity, it’s an invitation to explore, to test, and to push the boundaries (responsibly, of course).

Observable Plot Easter Eggs

Mihael Ankerst has put together a spiffy Observable Notebook that showcases scads of ways one can use Observable Plot to make the creation of high-quality, interactive visualizations of all shapes and sizes. This comprehensive guide, demonstrates the versatility and power of Plot through a variety of chart types. From basic bar and line charts to more complex scatter plots and histograms, each example is a testament to the library’s capability to handle diverse data visualization needs.

Mihael did a fantastic job breaking the content up into topical sections. If you just want the list, here it is, courtesy of some Developer Tools scripting (said script is at the end).

divs = document.querySelectorAll('div[style*="font-family: Caveat"]');

links = Array.from(divs).map(d => {
  let parentAnchor = d.closest('a');
  if (parentAnchor) {
    return `- [${d.innerText}](${parentAnchor.href})`
  }
});

FIN

Remember, you can follow and interact with the full text of The Daily Drop’s free posts on Mastodon via @dailydrop.hrbrmstr.dev@dailydrop.hrbrmstr.dev ☮️

,

Leave a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.