I'm pretty sure the log4j bug was many years old. Depending on the bug, it only takes one. There may be 14,999 non-serious bugs, and one Bad Bug. The other bugs just give the baddie some tall grass to hide in. I think that not using dependencies, as a general rule, is a good starting point, but, like all these "hard and fast" rules, the proper answer is "it depends." I think that importing a 20KLoC JS library, so you can animate a single window opening, is maybe not such a good idea, but it may be worth it if you plan to animate dozens of window openings. Even then, it may be a good idea to have one of your more experienced geeks take some time to write a utility that gets reused throughout the project. I use a lot of dependencies. I believe that modular design is an important component of managing complexity and ensuring high Quality. But the caveat is that I have written almost every dependency I use. I write each one as a standalone project, complete with heavy-duty documentation and lots of testing (usually, the testing code eclipses the actual implementation code). Because of this, I can write a pretty damn robust application in just hours. If anyone is interested in seeing what I mean (I don't expect many takers), they can always browse some of the modules in my various repos.