by zuppy 2712 days ago
If we’re here, I’ve got a rant about npm. If you have more than a few dependencies, you need to download half of the internet for all the required third-party packages. This has security implications too, as I see no way to be able to watch them all, even with a local mirror.

@downvoters: do you care to add a reply? It’s silly that instead of having a conversation, we’re doing this.

1 comment

I didn't downvote you but I think you're getting grayed out because it's a tired argument that's been had time and time again. It's just… kinda pointless to have it again.

Yes, the all-too-common super-deep dependency trees are a problem. If you're reasonable about your dependencies though it doesn't happen (my last few JS dependency graphs are pretty similar to my Python ones).

One of the issues is the stdlib and the other issue is a different mindset due to a lower barrier of entry to creating a package. (e.g. creating and maintaining a package in Python sucks, so you're less likely to do it for small, self-contained things rather than create a utils.py)

shrugs, I honestly don't know what meaningful change this discussion can lead to. People are generally aware of this, and the problem isn't actively getting worse, so I imagine it'll get better over time.

OK, that’s fair, thanks. I haven’t participated that much in JS-related discussions; it’s just frustrating to me and I didn’t know that this is pushing some hot buttons :)