Left-Pad Incident
ELI5 — The Vibe Check
The left-pad incident is when one developer unpublished an 11-line npm package and broke the entire internet in 2016. The package just added spaces to the left side of a string. But thousands of packages depended on it, including React and Babel. When it disappeared, builds failed worldwide. It proved that modern software is a house of cards, and one angry developer can knock it down.
Real Talk
The left-pad incident (March 2016) occurred when developer Azer Koçulu unpublished all his npm packages, including left-pad (an 11-line string-padding utility), after a dispute with npm Inc. over a package name. The removal broke thousands of builds across the JavaScript ecosystem because left-pad was a transitive dependency of major packages. npm responded by preventing unpublishing of packages with dependents, fundamentally changing registry policy.
When You'll Hear This
"The left-pad incident proved we need lockfiles and dependency auditing." / "Are we really depending on a 3-line package? Remember left-pad."
Related Terms
Dependency Hell
When your project's packages need different versions of the same thing and everything breaks.
Node Modules Black Hole
The node_modules black hole is the abyss that forms when you run `npm install`. What starts as 5 dependencies becomes 500 nested packages totaling 400 MB.
npm
npm is like a vending machine for code. You say 'I want React' and it delivers React, plus React's 47 friends, plus their friends' friends.
Supply Chain Attack
A supply chain attack is when hackers don't attack your code — they attack the code your code depends on. That npm package with 10 million downloads?