Indeed. Unlike the contents of npm, there are presumably groups of people reviewing that code and making sure internet randos aren't putting in whatever they want.
-
Using a framework doesn't help if one of that framework's dependencies brings in a ton of other transitive dependencies that are all moving independently of the framework that nobody responsible for the framework is really vetting.
-
As a framework author, I can tell you that we vet transitive dependencies more than you might expect.
-
Well, I feel a lot more comfortable using the ~700 package ember-cli knowing that you're personally reviewing all of those transitive dependencies. ;-) pic.twitter.com/IWz4AL1Y1n
-
Not sure if I should treat this as a troll or keep trying to draw comparisons to other projects you think you trust. Like how many lines of third party code do you think are included in Chrome or Firefox, for example.
-
I think me and @wycats just feel gaslighted (not by you, but generally) because of how forcefully we were told we were out of touch and spreading FUD when we tried to point these issues out half a decade ago.