In case anyone's wondering, rubygems is more or less the same mess.

@haitch I kinda have to wonder if module dependency management should be a pain...

@haitch This is why old farts like me suffer NIHS (not invented here syndrome): even if someone else wrote code we understand and trust, we still wouldn't depend on their source blindly. We either fork it, copy it, or reimplement it ourselves. Doing so avoids most[1] dependency malware.

1. Most, because chances are we still depend on and trust a standard library written by someone outside our team.

@aeveltstra In my case, that largely depnds on the complexity of said library. Lately, I trust very few, and very shallow. Libraries that themselves have a mammoth set of dependencies are also considered harmful
Say... like Electron...

Sign in to participate in the conversation

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!