Every time someone claims that "the problem" with software is too many dependencies, they're really arguing for software to remain at the "leeches for bloodletting" stage of evolution. In all industries, we stand on the shoulders of giants by abstracting what we already know.
The threat model is that unknown actors can deliver malicious code to a public repository that can't be easily reviewed (the build process is obscured: uglified JavaScript pushed to npm not matching the source code). We shouldn't use "compiled" objects from untrusted sources.
You mean the "I'm stealing your passwords" blog post?
Well, that's what I was thinking about yes. Good dependency management is critical to scaling any project, not reducing the number of dependencies. The whole minification, tree shaking, optimizing size problems in JS make me grouchy because compilers do this thing quite well.
How is that different from depending on a PPA?
fwiw I think shipping minified code is not the right answer and I hope it goes away.
I hope so, too. It is such a terrible hacky wart. For npm to build trust... anything that is shipped minified should be compiled by http://npm.org from source code. I'm surprised that it wasn't.
End of conversation
New conversation
distinguishing which shoulders are giants and which are randos, then
Usually the giants are collective.
End of conversation
New conversation
In all honesty, do you never try to keep the number of gems used in your Rails app to a minimum? Well, if you do, that's what people mean by dependency. If the gems are not maintained in a future release, we are stuck maintaining them ourselves. Depending on frm/wk and stdlib is useful.