[devjab]

It’s not like Nuget hasn’t had its share of supplychain attacks. I don’t disagree with you, but we don’t use external packages unless we have too (as in React) and we vet every update. So in that sense there is really no security issues compared to any other language we use.

As far as performance goes, all our heavy computation happens in C++ and for everything else the performance difference between the .Net vm and Node is negligible at our scale.

You may think it’s odd, but we’re hardly the only organisation doing it. Lego did it a few years back to great success.

[neonsunset]

I don't know what world you live in but it must be a parallel to the one the rest of the industry lives in.

There have been very few instances of vulnerabilities with nuget. If you compare the numbers to npm, they might as well be a rounding error.

Perhaps your experience was shaped by poorly written ancient codebase specific to your company (or, as I strongly assume, also influenced by select few niche libraries you personally dislike), but it just does not translate to the experience of other developers (of whom you can read numerous testimonies here on HN). I pity the devs who had to suffer moving away from C# to TS and possibly C++, where especially the latter has migraine-inducing build system, and overall is a significant user experience downgrade.

[devjab]

C++ was always with us. You’re not wrong in anything you said. We spent a lot of time and effort to set up an opinionated TS ecosystem to avoid a lot to common issues, because it would be a nightmare to work with if you didn’t.

You’re also correct in assuming that I don’t dislike .Net or C# as techs, it’s their batteries I dislike. I’ve mentioned a few in my previous posts, mainly EF, OData and AD. But I’ve never worked with a “batteries” included tech in C# I didn’t eventually have to extend. Even something as simple as making a rest client has been a fight against the standard tools, and I’m not exactly alone in this. There is a reason libraries like RestSharp exist. Hell even something more simple like the GUID generic doesn’t actually produce valid UUIDs, which means other languages won’t be able to verify them. Not an issue if you stay within the ecosystem, but if your front-end is JavaScript, you’ll need to either write your own, find a 3rd party or extend the base type. All of these things, can, be negligible. Many of them like the basic http client has improved. But over time, if your business processes require it, I’ve just never had to fight a language as hard as I have with C#.

I wouldn’t personally recommend moving from C# to TS for shits n giggles. We did it to pool dev resources, but it’s been a joy to work with. Which is interesting considering it’s also made by Microsoft. I do think C# is adopting more and more of the JavaScript ecosystem, and more and more of how Types are simply superior to classes, which is very neat, so I do think C# is heading in an ever better direction. But its standard libraries aren’t. And if you can’t use those, then why would you really chose C# over something like Go or Java?

Even within the .Net ecosystem itself, I think that Powershell has now far surpassed the usefulness of C# for basically anything related to Operations. In many cases I think Powershell is even superior to Python. Except of course for the fact that you can use Python for other things, so you again can get more out of those dev resources, but Powershell has a purpose where C# does not. Not really.