Y
Hacker News
new
|
ask
|
show
|
jobs
by
jameshart
1494 days ago
90% of which are development tools - eslint, testing, typescript, webpack, etc.
The actual runtime dependencies of a react app are basically just react and react-dom.
1 comments
infogulch
1494 days ago
Are dependencies that run on your development machine any
less
of a maintenance or security concern?
link
jameshart
1494 days ago
No, but the number being quoted is the sum of two different security concerns - and it’s attributing the concern to ‘react apps’, when actually react itself is pretty clean in terms of dependencies.
link
xboxnolifes
1494 days ago
Yes, because they aren't running in prod.
link