by jjav
1519 days ago
As the parent post said, "With every dependency". In other words, there is a quantitative risk difference between depending on two external libraries (particularly if you pick well-vetted ones) vs. depending on 15000 libraries like some node projects. Every additional library your build brings in adds a small additional amount of supply chain risk. So it's not about trying to be hardline about not depending on anything, but if you want to minimize risk you'd want to curate carefully which libraries you bring in.