An update to a tiny JavaScript library threw a large part of the JavaScript ecosystem into chaos on Saturday, with millions of projects believed to have been impacted.
What makes the entire situation absurd is that the whole mess was caused by a "one-liner" JavaScript library, making this the second time a tiny JavaScript project has caused widespread issues.
The is-promise one-liner
The package at the heart of this weekend's problems is named is-promise[1]. The library consists of two lines of raw source code[2], and developers can use it in their projects via a one-liner call.
Its purpose is to let developers test if a JavaScript object is a "Promise[3]," with the function returning a boolean result of yes or no when used in production.
Despite being just two lines of code that perform a basic check, the is-promise library is one of today's most popular JavaScript npm packages (libraries). According to GitHub[4], the library is part of more than 3.4 million projects and used as a dependency by 766 other JavaScript libraries.
Over the weekend, the is-promise library was updated to add support for working as an ES module[5] -- the standardized module system used by the JavaScript language.
However, the is-promise v.2.2.0 release didn't adhere to the proper ES module standards. As soon as the update was out, projects that used is-promise inside their build chain started failing due to the improper ES module support [1, 2, 3, 4, 5, 6, 7, 8, 9, 10].
The effect of the error was felt immediately, and impacted from closed-source JavaScript codebases to some