Cry, pain, and despair: a codebase Halloween Special

In the perilous realm of programming, certain nightmares recur more often than one might think, lurking in the shadows of every project, ready to spring forth and unleash chaos on your code and your sanity.

Piotr Goszczyński
Head of Development

Every developer’s biggest nightmare

Follow along to find out the scariest monsters (a.k.a bugs) we’ve encountered throughout this year. Each point on this list has taken countless hours, murdered morale, and killed the last glimmers of hope. Just remember, these stories are 100% true (give or take 99%).

Cannot read property “let_me_die” of undefined

Every time it happens, a part of your soul dies. You ask yourself the question, "Where is this little undefined a-hole!" just to discover that you "deliberately" skipped writing proper types and tests for the API handler. But… you saved some time. That’s a good thing, well done! Just another prod redeploy 👏

“200 Ok — Error” in your face!

Oh, that’s a scary one! Especially followed by a comment: "TODO: add proper logging." You created it three months ago while frantically trying to fix a system outage. No PRs, straight to production. But somehow it seems to have slipped from memory. Well, if no one is complaining, it surely must be working.

Access has been blocked by CORS policy — * doesn’t work

Ah, here we go again. Where was that configured? LB? Edge middleware? API Handler? You search all the configurations and add * everywhere, but nothing seems to work. "Who on earth insisted on hosting the API on a separate subdomain!" You think about good old WordPress. It worked like a charm, no CORS issues! 12 hours of struggle later, it finally falls into place. "Wait, what?" 12 hours, that reminds you of something. That’s the duration of the edge middleware cache.

Segmentation fault (core dumped)

You restart the application and act like nothing happened. Unless you are a Bun team member (they are segmentation fault busters). But you are not a Bun team member, so just ignore it and have a life.

Hydration failed because the initial UI … something … emotion … something…🌈☠️

It’s happened so many times you have your function to clean those build artifacts at the ready. Hydration + emotion = broken .next dir. Every single time, you just think of burning NextJs to the ground. Svelte, Htmx, or any other functioning alternative comes to your mind. Shortly, you snap out of your dreams. Let's put toys aside and get back to business. No matter how scary Next.js can be, it delivers. And that's what will pay the bills!

new URL(””).port === “443”

The very reason you choose to stay within your comfort zone, limiting yourself to a subset of JavaScript is to keep those hideous monsters, like a tilde with indexOf (if(~x.indexOf(y))) at bay. But sometimes, these sneaky creatures like URL port property appear out of nowhere. Yes, they are scary, but what can you do?

Heap out of memory

Another day, another error. And this one drives you crazy. You know exactly what’s the deal here. TypeScript used all available memory. Nothing can be done. You’ve already set a limit to 8GB in VSCode, and your CI server is running on fumes. You start thinking about where as the industry we’ve made a mistake while going through your infra Pulumi scripts. 205MB of Azure type declarations all loaded at once? This should warrant a maximum sentence. Let’s skip type-checking for now and fix it later. Who are you kidding…

RLS bug? Good luck with debugging

Are you writing business logic in Postgres row-level security? That’s like using 200 OK - Error combined with Pokemon exception handling as a good standard practice. You’ve created nice policies and added tests, but still, something breaks. Are you using RLS with the Supabase-js client? supabase.from('countries').delete().eq('id', 1) → Success, nothing happened. Now analyze your 10 beautiful policies trying to figure out what on earth is the issue here. Hint: it’s a USING clause.

This ENV var is public, right? RIGHT?!

It’s Friday, yay! The last thing on your to-do list is debugging why the external API is shouting 401 Unauthorized. You copy working API keys to a temporary file, just to access them quickly. 10 minutes later. Issue: found. Fixed. Now only commit, push, and you are done for today. Your muscle memory triggers git add . → git commit -m "fix: external API 401" → git push -u origin HEAD. Wait stop! Too late… this will be a long day.

Want to import ESM package into CJS? Want to have a TypeScript also? Funny!

As you light a candle on your desk, you think of your former colleagues working with legacy code. Meanwhile, you keep scrolling Twitter, where the tech influencers convince everyone to ditch CJS. My advice? Open StackOverflow question just to remind yourself why people working with old CJS codebases are screwed.

Rest well and keep your code clean

Let’s wrap up our exploration of bugs and errors for now, leaving you with this chilling notion: they never truly disappear no matter how hard you try. They loiter in merge conflicts and obsolete dependencies, biding their time to resurface in an untested commit by a junior developer. Rest well, fellow programmers, and keep your code clean. For on this spectral night, the line between the digital realm and the underworld blurs, leaving room for unexpected glitches from the abyss of our twisted minds.

Happy debugging... Muhahaha

Credits: Rain effect — Aaron Rickle


Known as the OG meme lord. He might be the head of development, but his heart beats for Factorio, cars, board games, and conquering snowy slopes.

Piotr Goszczyński
Head of Development
Let's talk

tonik here — a design studio focused on early stage startups, helping founders define, design and build products.

Opinions are our own