 on [Unsplash](https://unsplash.com/)](https://images.unsplash.com/photo-1598983870677-01e066a0b901?q=80&w=1470&auto=format&fit=crop)
We regret to inform you that something happened with NPM…again:
On Dec. 29, a package titled “everything” was published to the registry, which is designed to install all other public packages in the registry. This created a registry-wide web of dependencies that effectively disabled the ability to unpublish packages on the site, as packages that other packages are dependent on cannot be unpublished.
The incident triggered responses from developers left unable to unpublish their deprecated or experimental packages, as well as criticism from some who viewed the stunt as an abuse of the open-source NPM system.
The developers behind “everything” said they did not anticipate these consequences and reached out to NPM and GitHub to resolve the issue. Ironically, the team was left unable to unpublish “everything” themselves due to a circle of dependencies that essentially made the package dependent on itself.
“We just thought it would be funny,” wrote Evan Boehs, an “everything” contributor, in response to another GitHub user’s question about the project’s purpose. “We did not know all this would happen.”
It’s moments like this one that makes me relish being in web dev. With MySQL following PostGres in allowing one to write functions and stored procedures in JavaScript, I await with bated breath the rise of “ReactDB” and “JSX Projections” with a simple npx create-wibbly-wobbly-db --blazingly-fast=true --use-webpack=true --use-using=true command.