by simonw
3777 days ago
Another benefit to minimizing your dependencies is security. The fewer external packages you are using (especially packages without active, security-conscious maintainers) the less likely you are to suffer a surprise vulnerability due to something deep down in your dependency hierarchy. This goes for client-side JavaScript too. XSS holes are one of the worst web app vulnerabilities out there and could easily be introduced accidentally by a simple mistake in a library. And this stuff is incredibly hard to audit these days thanks to the JavaScript community's cultural trend towards deeply nested dependencies.

I.e. I'd 100% use libxml to sanitize XML rather than trying to reimplement XML parsing myself.
As always, trade-offs.