by simion314 1743 days ago
Not always true. It is also about the best tool for the job.

Ex. I had to implement a task that would need to check if an image is similar to another image (not related to porn/CSAM). I implemented it with just a few lines of PHP and no 100+ package dependencies. How? I run a Linux CLI app from inside PHP, super easy.

"But, but, you can do it with Node too" - yes, but guess what: in the past, in a Node project, some dev, instead of calling ffmpeg directly, npm installed some shit package that called ffmpeg. The package was basic and it did not include the options needed; some other dev would have installed another package to get a new ffmpeg feature.

I removed all those packages and did it directly.

My point is that we need to use the best tool for the job. If there is a CLI app or Java program/library that solves your problem, a developer should present the client the truth: "I can solve your problem using this in 1 day or I can rewrite it in CoolLang and CoolFramework and CoolPackageManager and CoolTranspiler with 100+ shit dependencies in 1 month." I am afraid many developers are choosing the last option to pad their CV and pump their ego.

I would say it is also the ecosystem: PHP has a big ecosystem and it can always use all the Linux applications (once in a project I integrated PHP with the Node program Puppeteer), so there is no limitation. I miss more features in JS than I miss them in PHP.

1 comments

Or, maybe developers who choose other languages are also competent professionals who make language/framework choices for good reasons. I have no considered opinion about PHP but one reason I have never used it for a web application backend is because I do a lot of coding that PHP is not well-suited for (high-performance, data intensive) and it is easier to write the web server in the same language I use for everything else.

Also, in general passing untrusted input to shell commands is probably a bad idea. FFmpeg has had many CVEs over the years and taking an upload from a user and piping it to a CLI command is asking for trouble. There are considerations beyond just doing the easiest thing that could possibly work.

>Also, in general passing untrusted input to shell commands is probably a bad idea.

This is why you escape the shell command arguments, but if you blindly npm install a shitty wrapper you probably hit the issue with security issues. Sure, review of the dependency would be great, but I have not seen many devs doing it; if they had reviewed the ffmpeg wrapper they would have noticed the simplicity and implemented it themselves, and on top of that learned some new stuff.

>Or, maybe developers who choose other languages are also competent professionals

I did not say that all Node developers are beginners; I am saying that many developers are not using the right tool for the job but use the cool tool for the job, and some developers just blindly npm install shit because this is the only thing they know.

And I can confess I was guilty of this: on a project I proposed to use Qt4 over Adobe Air because I was a fan of Qt and hated Adobe. It turned out in the end I was forced to use Adobe Air and I loved it; for what we were doing it was the best tool for the job.
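
The argument-escaping point debated in this thread, as an added example that is not code from any commenter: the same file name handed to a CLI tool through a shell string, through a quoted shell string, and as an argv array with no shell. Assumptions: all function names are hypothetical, a child Node process stands in for ffmpeg so the script runs offline, the sample file name is constructed, and a POSIX `/bin/sh` is present.

```javascript
const { spawnSync } = require("node:child_process");

// Stand-in for the CLI tool (assumption: a child Node process, not ffmpeg, so
// this runs anywhere). It prints the arguments it received as a JSON array.
const SCRIPT = "console.log(JSON.stringify(process.argv.slice(1)))";
const TOOL = `"${process.execPath}" -e '${SCRIPT}' --`;

// Constructed sample upload name carrying shell syntax.
const SAMPLE_NAME = "photo $(echo INJECTED).png";

function parse(result) {
  if (result.status !== 0) throw new Error("tool failed: " + result.stderr);
  return JSON.parse(result.stdout);
}

// Unsafe: the name is pasted into a string that /bin/sh parses (POSIX assumed).
function runViaShell(fileName) {
  return parse(spawnSync(`${TOOL} -i ${fileName}`, { shell: true, encoding: "utf8" }));
}

// POSIX single-quote escaping, the same idea as PHP's escapeshellarg().
function shellQuote(arg) {
  return "'" + String(arg).replace(/'/g, "'\\''") + "'";
}

// Shell still involved, but the name is quoted into exactly one word.
function runViaShellQuoted(fileName) {
  return parse(spawnSync(`${TOOL} -i ${shellQuote(fileName)}`, { shell: true, encoding: "utf8" }));
}

// No shell at all: each array element reaches the tool as one argument.
function runWithArgv(fileName) {
  const args = ["-e", SCRIPT, "--", "-i", fileName];
  return parse(spawnSync(process.execPath, args, { encoding: "utf8" }));
}

// Quoting does not stop a name such as "-y" from being read as an option,
// so anchor relative names that start with "-" to the current directory.
function asFileOperand(fileName) {
  if (fileName.includes("\0")) throw new Error("NUL byte in file name");
  return fileName.startsWith("-") ? "./" + fileName : fileName;
}
```

None of these variants addresses the other concern raised in the thread, bugs in the tool's own file parsers; that calls for patching and isolating the process, not quoting.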