I tried writing some JavaScript today. I tried not to add any frivolous dependencies. I ended up with 18k dependencies. This is not a joke.
Show this thread
I'm not in the "every dependency you add is a liability camp", but... how do people find this acceptable? This is a large enough number I'd be surprised if none of them contained malicious code, just from statistics alone
-
-
npm is easy and convenient, that's why.
-
So is Cargo and Bundler, neither have this effect
- 6 more replies
New conversation -
-
-
I really want to see some kind of serious study asking why this has happened this way rather than lots of off the cuff shade being thrown around. I feel as a consumer of this ecosystem that I don't have control.
-
I do too. The most common answer I see is that JS has an anemic std library, but I don't think that really gets at the core of it at all
End of conversation
New conversation -
-
-
I’ve always assumed this is because JS may need to be sent to the browser and small packages means you can only push the minimum required. Whether reality matches the dream...
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
At least GitHub will tell you if any dependency is vulnerable.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.