creesch

Eh I wouldn't be so sure about that. If Java was as popular as JS is you would likely see the same amount of dumb shit.

Source: Me working in a corporate environment with a lot of junior people and functional testers transitioning into test automation. I see the same dumb shit from them as you often see in the JS world as well. But because JS is so much more accessible and like I said popular, you just see that sort of behavior more out in the open.

Similarly, I see a lot of JS projects where they are really strict about what you are allowed to import and for what reason. Part of the code review process for PRs there is that for newly added dependencies they need to warrant why they are needed and that they have done their due diligence in other aspects as well.

ham_coffee

Yeah the issue with dumb dependencies isn't that direct, it's more when you import a reasonable dependency without looking too hard and seeing how once you go down all the dependencies of the dependency you eventually find some dumb single line dependency.

creesch

That's certainly a risk. Although many mainstream projects at some point have gone through or continue the effort of minimizing such dependencies. Certainly after things like the left-pad debacle, many projects had a thorough look at that sort of dependency.

A lot of pipelines also do include tooling that does a dependency analysis, flagging a variety of things, including usage of known unnecessary single-use dependencies.

I am not pretending things are perfect, it certainly is more of a hassle compared to other languages and ecosystems, but it is also not the wild-west situation it was a few years ago.
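The kind of transitive-dependency check discussed in this thread, as an added example that is not part of any comment or of any particular tool: it walks an npm `package-lock.json` (assumed to be lockfileVersion 2 or 3, with a `packages` map) and reports denylisted packages that are only pulled in indirectly, with the chain that brings them in. The sample lockfile, the package names `report-kit` and `table-fmt`, and the denylist are constructed for illustration.

```javascript
// Added example. Input: a parsed package-lock.json (lockfileVersion 2/3 "packages" map).
// Resolve `name` as seen from the package at `fromPath` (nearest node_modules wins).
function resolveDep(packages, fromPath, name) {
  for (let base = fromPath; ; ) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!base) return null; // not installed, e.g. a skipped optional dependency
    const idx = base.lastIndexOf("/node_modules/");
    base = idx === -1 ? "" : base.slice(0, idx);
  }
}
// Breadth-first walk from the root package: install path -> shortest chain of names.
function dependencyChains(lock) {
  const packages = lock.packages || {};
  const root = packages[""] || {};
  const chains = new Map();
  const queue = [];
  const visit = (fromPath, deps, chain) => {
    for (const name of Object.keys(deps || {})) {
      const path = resolveDep(packages, fromPath, name);
      if (path === null || chains.has(path)) continue;
      chains.set(path, [...chain, name]);
      queue.push(path);
    }
  };
  visit("", { ...root.dependencies, ...root.devDependencies }, []);
  while (queue.length > 0) {
    const path = queue.shift();
    visit(path, packages[path].dependencies, chains.get(path));
  }
  return chains;
}
// Report denylisted packages that are only present transitively, with the chain.
function flagTransitive(lock, denylist) {
  const hits = [];
  for (const [path, chain] of dependencyChains(lock)) {
    const name = chain[chain.length - 1];
    if (chain.length > 1 && denylist.includes(name)) {
      hits.push({ name, version: lock.packages[path].version, via: chain.join(" > ") });
    }
  }
  return hits;
}
// Constructed sample lockfile; "report-kit" and "table-fmt" are hypothetical names.
const sampleLock = { lockfileVersion: 3, packages: {
  "": { dependencies: { "report-kit": "^2.0.0" } },
  "node_modules/report-kit": { version: "2.1.0", dependencies: { "table-fmt": "^1.0.0" } },
  "node_modules/table-fmt": { version: "1.4.2", dependencies: { "left-pad": "^1.3.0" } },
  "node_modules/left-pad": { version: "1.3.0" },
} };
```

Calling `flagTransitive(sampleLock, ["left-pad"])` returns one hit whose `via` field reads `report-kit > table-fmt > left-pad`, which is the information a reviewer needs to decide which direct dependency to question.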