isn't it kind of irritating to anyone else that dependencies discourse always ends at "trust nothing trust no one, have as few dependencies as possible and read every line yourself"
ppl be like "we live in a society" until you have to participate in society
if you don't do anything you don't have a security risk! congratulations. we still have to do things. what's necessary to make "having dependencies" not a scary risk?
Feature-rich standard libraries help a lot with avoiding external dependencies. It's hard to avoid depending on lots of external libraries when writing Rust since the standard library doesn't cover much above low-level functionality. JavaScript is dramatically worse than that.
Python's standard library used to be quite good but it has really languished and hasn't been properly updated or maintained. They could have made nicer APIs and reimplemented the old ones as compatibility layers on top of the newer implementation... but it's hard without types.
Having a fat standard library can also cause a lot of friction. Assuming that the core developers get everything right, then all is well, but the odds of that are quite slim, and once you add a feature, it becomes very hard to remove it.
The standards for stability aren't inherently different in the standard library compared to an external one. If most of the external libraries don't provide good backwards compatibility, then that's just further demonstrating that they aren't a replacement for a standard library.


