by Vizarddesky 2355 days ago
> I repeat the above recursively on transitive dependencies as many times as necessary. I also repeat the cursory code review any time I upgrade a dependency.

If this guy has to work on a "modern" frontend project, he's gonna review dependencies until the heat death of the universe.


Okay, but let's be clear about why we're putting "modern" in quotes. Sure, pulling in half of NPM is a common way to do things currently, but it's also a very painful way to do things, currently. A "modern" dependency tree is going to cause you tons of pain, starting with having to configure your dependency tree and getting worse from there. If you use a few, small, effective dependencies, you can reasonably do a cursory code review with every upgrade, and there are other major benefits.

Don't let some drive to be "modern" cause you to use libraries that make things more difficult than using vanilla JS.

But doesn't that say more about modern leftpaddable frontend frameworks than about the author?
It sure does. ‘Don’t repeat yourself’ and ‘avoid NIH syndrome’ are noble goals but ‘automatically update myriad libraries from random sources on the internet and then run them’ gives me the heebie jeebies.
What this guy does sounds like a machine-doable job.
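The quoted procedure (re-review transitive dependencies on every upgrade) and the remark that it sounds machine-doable both point at the same tool: something that reads two npm lockfiles and lists exactly which packages a reviewer has to look at. This is an added example, not code from the thread or from any project mentioned in it; it assumes the lockfileVersion 2/3 layout where "packages" maps install paths such as "node_modules/a/node_modules/b" to version and integrity fields, and the sample lockfiles and package names are constructed.

```python
def lock_packages(lock):
    """Map install path -> (version, integrity) for every dependency in a lockfile."""
    return {path: (meta.get("version"), meta.get("integrity"))
            for path, meta in lock.get("packages", {}).items()
            if path != ""}  # "" is the root project itself, not a dependency

def package_name(path):
    """'node_modules/a/node_modules/@s/b' -> '@s/b'."""
    return path.rsplit("node_modules/", 1)[-1]

def depth(path):
    """1 for a direct dependency, 2+ for transitive ones nested under another package."""
    return path.count("node_modules/")

def review_list(old_lock, new_lock):
    """Return what a reviewer must look at after an upgrade: added/removed packages, version
    bumps, and entries whose integrity hash changed while the version did not (suspicious)."""
    old, new = lock_packages(old_lock), lock_packages(new_lock)
    report = {"added": [], "removed": [], "upgraded": [], "suspicious": []}
    for path in sorted(set(old) | set(new)):
        name, d = package_name(path), depth(path)
        if path not in old:
            report["added"].append((name, new[path][0], d))
        elif path not in new:
            report["removed"].append((name, old[path][0], d))
        else:
            (ov, oi), (nv, ni) = old[path], new[path]
            if ov != nv:
                report["upgraded"].append((name, ov, nv, d))
            elif oi != ni:
                report["suspicious"].append((name, nv, d))
    return report

# Constructed sample lockfiles (lockfileVersion 3 layout); package names and hashes are made up.
OLD_LOCK = {"lockfileVersion": 3, "packages": {
    "": {"name": "app"},
    "node_modules/padder": {"version": "1.3.0", "integrity": "sha512-PAD130a"},
    "node_modules/webfw": {"version": "2.0.0", "integrity": "sha512-FW200"},
    "node_modules/webfw/node_modules/tiny-util": {"version": "0.1.0", "integrity": "sha512-TU010"},
}}
NEW_LOCK = {"lockfileVersion": 3, "packages": {
    "": {"name": "app"},
    "node_modules/padder": {"version": "1.3.0", "integrity": "sha512-PAD130b"},  # same version, new hash
    "node_modules/webfw": {"version": "2.1.0", "integrity": "sha512-FW210"},
    "node_modules/webfw/node_modules/tiny-util": {"version": "0.2.0", "integrity": "sha512-TU020"},
    "node_modules/webfw/node_modules/new-helper": {"version": "1.0.0", "integrity": "sha512-NH100"},
}}

if __name__ == "__main__":
    print(review_list(OLD_LOCK, NEW_LOCK))
```

The "suspicious" bucket is the one worth a hard look: a changed tarball hash under an unchanged version number means the registry is serving different bytes than last time.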

At our company we use whitesource to scan each and every build for these kinds of license violations.

Nearly spat out my cereal, thanks. Funny because accurate. As a relatively new node dev, this is what keeps me awake at night.
And his comment is a copy-paste from Reddit: https://old.reddit.com/r/programming/comments/ekjacu/this_is...

Slightly ridiculous that we're getting to this point :-)

A reason why I appreciate Angular: then I know (or so I think?) someone else is vetting the base dependencies.