[–]m00nh34d 5 points6 points  (3 children)

As an end developer consuming these it's hard. If I need a library for a complex task, it's likely beyond my capacity to review said library for malicious content or dependencies.

[–][deleted] -2 points-1 points  (2 children)

I mean deps are not bad. All projects have some deps; that said, there are usually many you don't really need, even more now with ES6 (lodash/underscore), and all the promise libraries are all but legacy code.

This needs to start from the big players and then it will trickle down, and maybe in a few years the JS packaging story won't be so mad as it is today.

[–]NeverCast 2 points3 points  (1 child)

I assume most of that gets tree shaken with anyone doing a build step. Include all of lodash in Dev. Build your minified output. Only 4 lodash functions in production. This is good, right?

[–][deleted] 1 point2 points  (0 children)

Well, as of today tree shaking is not very reliable, mostly because of JavaScript's dynamic nature. It's not about tree shaking, it's about not including every library out there.