NPM package is-even has over 140k weekly downloads

Judging from this page (https://www.npmjs.com/browse/depended/is-even), it appears that many of its dependents are joke packages. For example:

- is-is-even: checks if the passed function is is-even

- is-odd-or-even: determines if a given number is odd or even.

- is-ice-cream: Amazing lib to check if string contain your favorite ice cream flavor

Probably the main reason it has so many downloads is that it's imported as a module (rather than integrated as a constituent function) by the author's popular handlebars-helpers library of utility functions. Imagine if underscore.js were to separate out first() as its own module. Then you'd have a similar situation.

The problem here is not npm or the package itself.

The absurdity of 140k weekly downloads is a result of CI/CD practices.

I'm probably in the minority here but I think npm and github should actively disallow (or atleast discourage by making it very uncomfortable) to re-download the same dependencies from the internet on every pull request.

It even depends on is-odd (375K weekly downloads). The script kiddies have taken over.

Glancing at GitHub it's primary use seems to be just to demonstrate how to use packages.

https://github.com/search?q=require%28%27is-odd%27%29&type=c...

With so many developers using this package there must be a few here on HN. If anyone here has included this as a dependency I'd love to know the reasoning behind it.

this just must be a joke package, as all it is doing is importing an "is-odd" package and returning `!isOdd(i)`... sad to think that someone is actually using this though.

Dart has a lot of built-in methods similar to this. Yes, that includes `$n.isEven` and `$n.isOdd`. It's especially nice with iterables that have `.isEmpty` and `.isNotEmpty`. I make regular use of all four. It cuts down on clutter and makes the intent unmistakably clear. I think these JS packages, and Dart's inclusion of them in the stdlib are indicative of a clear need among programmers for unambiguous intention. Also, I suspect a lot of people, especially JS programmers, of whom a large percent is certainly made up of non-formally educated people, likely don't know that testing for even-ness can be done with modulo.

All of this is to say, instead of this being an indictment of the JS ecosystem and its programmers, its more indicative of a stdlib function that should exist but doesn't.

    isOdd = x => x % 2 === 1
    ...

Quite a while back, I once saw a front-end engineer copy-pasting every bit of the CSS that he wrote. So, I asked, “Won’t it be faster if you just typed?” “I want to avoid errors.”

To be fair he says on GitHub:

i-voted-for-trump

This is a joke. You'll only see this org if you are attempting to troll me about repositories I created when I was learning to program.

is-odd

Public archive I created this in 2014, the year I learned how to program. All of the downloads are from an old version of https://github.com/micromatch/micromatch.

A couple of thoughts on this one.

I think it is worth putting this in its historic context. Most of this code was written at a nascent point in JS history where NPM packages could start to be shipped to the browser (i.e. the Browserify years). This was a pretty wild time but one of the concerns was about the amount of code being shipped to browsers (this is pre-tree shaking, which only really works with ESM). Additionally, the glaciation of the JS runtime and standard library at the time, alongside the NodeJS "Cambrian Expansion" of npm, meant lots of authors were working to build out packages that fixed these classes of deficiencies (another example being the now infamous left-pad). We saw the same thing about the same time in the PHP world with the MicroPHP manifest and Composer, and I believe there was cross-pollination of ideas between these two things.

It is also worth noting that a decent proportion of people entering into the JS world at this time were more traditional HTML/CSS designers, maybe with some backend experience, but usually not engineers with a strong programming background (my experience, mileage may vary).

Looking at the chain of dependencies, the underlying logic of `is-number` is both common enough and a big enough footgun for those particularly less experienced JS developers to warrant a module. And once you've got it, need to do something with it, and once you've got things depending on you, you can't take it down; and thus, a house of cards is built.

Lastly, I think its worth keeping in mind that this also tracks with an industry shift to GitHub and an explosion in MIT Licensing/sharing in a world untarnished by the kinds of supply-chain attacks a good deal of us are now rightly worried about. We take it for granted now, but GitHub was a huge change to the way FOSS happens, and that facilitated this kind of repo building (free hosting, free publishing to NPM, sharing culture etc).

Would be nice if npm differentiated direct downloads from indirect downloads as a dependency.

When it just appeared I thought it was a joke, but it seems people actually use this...

There must be some interesting edge cases with the idea of certain numbers being even or odd. I’m not familiar with whether the underlying numeric types can accomodate these values in JavaScript, but off the top of my head - what does maths have to say about the idea of the even/odd-ness of infinity, not-a-number, imaginary numbers. And there’s always undefined too. I suppose what I’m getting at is whether the answers to these questions are consistent between different packages and languages.

is-odd [1] has even more weekly downloads (370k+) and is the only dependency of is-even [2].

[1]: https://www.npmjs.com/package/is-odd [2]: https://github.com/i-voted-for-trump/is-even/blob/585f8002bb...

I don’t think the root logic it ultimately depends on is obvious: https://github.com/jonschlinkert/is-number/blob/master/index...

And so this is a perfect abstraction to make something non- obvious obvious.

The real question is why this shouldn’t be part of the interpreter?

Yes the dependency on isOdd is needless, but is a red herring.

Most commenters here didn’t look deep enough, sadly.

    function isOdd(value) {
      const n = Math.abs(value);
      if (!isNumber(n)) {
        throw new TypeError('expected a number');
      }
      if (!Number.isInteger(n)) {
        throw new Error('expected an integer');
      }
      if (!Number.isSafeInteger(n)) {
        throw new Error('value exceeds maximum safe integer');
      }
      return (n % 2) === 1;
    }


    function isNumber(num) {
      if (typeof num === 'number') {
        return num - num === 0;
      }
      if (typeof num === 'string' && num.trim() !== '') {
        return Number.isFinite ? Number.isFinite(+num) : isFinite(+num);
      }
      return false;
    }

Am I missing something here, why is a package even needed needed for this? Can you not evaluate `some_int % 2` in Javascript to check for this directly?

I honestly don't know what's worse; That this package exists, or that the implementation requires a dependency to `is-odd` and just does `return !isOdd(number)`

It's astonishing how many people defend a clear lack of basic math knowledge.

Take a look at the author's github bio, the grift is pretty obvious:

> I've created more than 1,000 open source projects in an effort to reach my goal. Open source software takes a lot of time to create and maintain, and millions of projects now depend on my code.

Is there an easy way to trace the most popular packages that use it?