by eternityforest 1565 days ago
Left pad was more of an issue with mutable dependencies, it seems like, and with using tons of small dependencies instead of larger trusted ones.

Yarn's zero install and the like could probably have stopped that from ever being an issue. Many lodash/underscore/whatever utilities have that feature, and with dead code removal I don't know why people still use micro libraries.

There's of course malware concerns, but that's why you don't use things that aren't popular with a million eyes on them unless you want to check it yourself.


> using tons of small dependencies instead of larger trusted ones

That’s certainly not what the JavaScript community as a whole does. If anything that’s closer to the way many other languages do it with large standard libraries.

> There's of course malware concerns, but that's why you don't use things that aren't popular with a million eyes on them unless you want to check it yourself.

Those popular libraries often have hundreds to thousands of dependencies and sub-dependencies themselves, many of which almost certainly don’t have a million eyes on them.
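Both comments above turn on the same two properties of a lockfile: whether every entry is pinned to an immutable, hashed artifact, and how many transitive packages ride in behind the handful you chose. The script below is an added example, not code from this thread or from Yarn/npm; it walks a constructed npm lockfile (v3 "packages" layout) with placeholder package names and hashes, counts direct versus transitive entries, and flags anything that could change underneath you.

```javascript
// Added example: audit a constructed npm lockfile (lockfileVersion 3).
// Flags entries with no integrity hash or a non-registry source, i.e.
// dependencies that are still "mutable", and counts transitive packages.
// All names, URLs and hashes below are constructed placeholders.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", dependencies: { "left-pad-ish": "^1.0.0", "util-lib": "^4.0.0" } },
    "node_modules/left-pad-ish": {
      version: "1.3.0",
      resolved: "https://registry.npmjs.org/left-pad-ish/-/left-pad-ish-1.3.0.tgz",
      integrity: "sha512-CONSTRUCTED+PLACEHOLDER+HASH"
    },
    "node_modules/util-lib": {
      version: "4.2.0",
      resolved: "https://registry.npmjs.org/util-lib/-/util-lib-4.2.0.tgz",
      integrity: "sha512-ANOTHER+CONSTRUCTED+HASH",
      dependencies: { "tiny-helper": "^0.1.0" }
    },
    "node_modules/tiny-helper": {
      version: "0.1.2",
      // Git branch reference and no integrity field: whatever "main"
      // points at on install day is what gets pulled in.
      resolved: "git+ssh://git@example.invalid/tiny-helper.git#main"
    }
  }
};

function auditLockfile(lock) {
  const findings = [];
  const direct = new Set(Object.keys(lock.packages[""].dependencies || {}));
  let transitive = 0;
  for (const [path, pkg] of Object.entries(lock.packages)) {
    if (path === "") continue; // the root project itself
    // "node_modules/a/node_modules/@s/b" -> "@s/b"; nested paths keep the last segment
    const name = path.slice(path.lastIndexOf("node_modules/") + "node_modules/".length);
    if (!direct.has(name)) transitive++;
    if (!pkg.integrity) {
      findings.push({ name, reason: "no integrity hash" });
    } else if (!/^sha(256|512)-/.test(pkg.integrity)) {
      findings.push({ name, reason: "weak or unknown hash algorithm" });
    }
    if (pkg.resolved && !pkg.resolved.startsWith("https://registry.npmjs.org/")) {
      findings.push({ name, reason: "non-registry source: " + pkg.resolved });
    }
  }
  return { direct: direct.size, transitive, findings };
}

console.log(JSON.stringify(auditLockfile(sampleLock), null, 2));
```

Run it against a real package-lock.json by replacing `sampleLock` with the parsed file; a clean result is a tree where every entry is registry-hosted and sha512-pinned, which is the property zero-install/lockfile workflows rely on.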