by benmccann
1099 days ago
There are tradeoffs there. E.g. many of Svelte's dependencies are shared by bundlers such as Vite, Rollup, and their plugins. If you bundle those dependencies it means they have to be downloaded multiple times. It also means you can't use the cache from efficient package managers like pnpm. And lastly, it makes it harder to deal with security issues. If there's a security issue in a dependency then Svelte would need to ascertain whether it could affect users, upgrade the dependency, and file a CVE against Svelte itself. Users would then have to upgrade Svelte in addition to the dependency if it's shared by any other libraries.