NPM Fails Worldwide With 'ERR! 418 I'm a Teapot' Error

Catalin Cimpanu, writing for BleepingComputer: Users of the NPM JavaScript package manager were greeted by a weird error yesterday evening, as their consoles and applications spewed a message of "ERR! 418 I'm a teapot" whenever they tried to update or install a new JavaScript/Node.js package. JavaScript developers from all over the world received the error, and not just in certain geographical regions. The bug did not affect all users, but only those behind a proxy server.

Re:I'm too oldschool.

[El+Cubano]

I like to download my Javascript Framework and have it linked to the internal web-server.

That is not old school. It is the difference between being an amateur programmer and a professional software developer/engineer. To be clear, deploying anything meaninfgul into production based on drawing dependencies form a source which do not trust or directly control is an amateur move.

For anything more complex than school/hobby project, and for every professional project, I make it a point to ensure the stability and availability of the dependencies. In some cases that might be as simple as ensuring the libraries are available and suitable as is in the Linux distro package repo (I generally trust Debian, RHEL, and Suse for stuff like this). In the case where the packages are not available or they are only available from a potentially unreliable source (Fedora, NPM, CPAN, Maven central, RubyForge, etc.) I make sure to make a local copy (either stand up my own repository or incorporate the depednecny into source control directly). That way I can be assured that the dependency continues to be available to and working when I need.

Granted, doing that means that one accepts the burden/responsibility of keeping the depedency up to date and tracking the vendor/upstream security advisories. But then, that is why (good) software developers/engineers get paid well.

Re:You gotta wonder

The 418 code was an April 1st joke, it really should not be in the codebase of any serious web application...

Re:You gotta wonder

[Lunix+Nutcase]

Well then good news. NPM isn’t a serious web application. It’s an amateur hour piece of software.

Re:I'm too oldschool.

[TheDarkMaster]

This. Oh boy, this. I'm fucking sick of seeing all these websites developed in this completely amateur way using javascripts files from several external sources to the site itself where each of them is a potential source of problems and security breaches, and this is not to mention the cases where these scripts call other scripts from other sites that in turn also call other scripts in a lunatic chain of operations to do things that should be contained within the original site.