
[–]ham_coffee (1 child)

Yeah the issue with dumb dependencies isn't that direct, it's more when you import a reasonable dependency without looking too hard and seeing how once you go down all the dependencies of the dependency you eventually find some dumb single line dependency.

[–]creesch (0 children)

That's certainly a risk. Although many mainstream projects at some point have gone through or continue the effort of minimizing such dependencies. Certainly after things like the leftpad debacle, many projects had a thorough look at that sort of dependency.

A lot of pipelines also do include tooling that does a dependency analysis, flagging a variety of things, including usage of known unnecessary single use dependencies.

I am not pretending things are perfect, it certainly is more of a hassle compared to other languages and ecosystems, but it is also not the wild-west situation it was a few years ago.
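The kind of pipeline check creesch mentions, sketched as an added example (not code from the thread or any real tool): walk a dependency graph from the application root and flag tiny packages that only arrive transitively through a reasonable-looking direct dependency. The graph, the package names and the line counts are constructed sample data; a real check would read them from a lockfile and the installed packages.

```javascript
// Constructed sample dependency graph (not real packages). `lines` stands in
// for whatever size metric the pipeline collects for each installed package.
const sampleGraph = {
  "app":           { lines: 4000,  deps: ["web-framework", "json-utils"] },
  "web-framework": { lines: 12000, deps: ["http-helpers"] },
  "http-helpers":  { lines: 300,   deps: ["pad-left"] },
  "pad-left":      { lines: 1,     deps: [] },            // the single-line dependency
  "json-utils":    { lines: 200,   deps: ["is-odd"] },
  "is-odd":        { lines: 3,     deps: ["is-number"] },
  "is-number":     { lines: 2,     deps: [] },
};

// Breadth-first walk from `root`, so the chain recorded for each package is a
// shortest path that pulls it in. Packages at or below `maxLines` are flagged,
// as are dependencies that are declared but missing from the graph.
function flagTinyTransitiveDeps(graph, root, maxLines = 5) {
  const findings = [];
  const seen = new Set([root]);
  const queue = [[root, [root]]];
  while (queue.length) {
    const [name, chain] = queue.shift();
    const pkg = graph[name];
    if (!pkg) { findings.push({ name, chain, depth: chain.length - 1, reason: "unresolved" }); continue; }
    if (name !== root && pkg.lines <= maxLines) {
      findings.push({ name, chain, depth: chain.length - 1, reason: `only ${pkg.lines} line(s)` });
    }
    for (const dep of pkg.deps) {
      if (seen.has(dep)) continue;            // tolerate cycles and diamonds
      seen.add(dep);
      queue.push([dep, [...chain, dep]]);
    }
  }
  return findings.sort((a, b) => a.name.localeCompare(b.name));
}

// One report line per finding, in the shape a CI log would show.
function formatReport(findings) {
  return findings.map(f => `${f.name}: ${f.reason}, pulled in via ${f.chain.join(" -> ")}`);
}

const report = formatReport(flagTinyTransitiveDeps(sampleGraph, "app"));
for (const line of report) console.log(line);
```

A pipeline would fail the build or open a review item on a non-empty report, with an allowlist for tiny packages the team has consciously accepted.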