by vbezhenar 621 days ago
> The downside of the "bundle everything" approach (which is also used by Docker and its ilk), is that whenever one of those dependencies needs to be fixed or upgraded (for reliability or security reasons), you have to find every instance of it on the entire system, which soon becomes an extremely difficult task.

How does it become a difficult task? Just download things and replace them, when I ask to update. I have fast internet and a big SSD, that's fine for me. 90% of the software I'm using on my Mac is installed via alternative ways and it already bundles all the dependencies, so I'm already living with it.

1 comments

There are also ways to abstract the files on disk such that it appears every module has its own copy of “foo.so” but they’re all the same bytes on disk. Using content hashes for example. I believe this is how pnpm works.

I don’t buy the “shared libraries solve problems” argument either. Lots of software is pinned to a specific version anyway, so just because some security update has come out for a shared lib doesn’t mean it will work with all your other software.
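
An added example, not part of the thread and not pnpm's code: a sketch of the content-hash idea from the comment above, which also answers the quoted "find every instance" concern by inventorying bundled copies by hash. The `app_*` directories, the `.store` path and the file contents are constructed; only the name `foo.so` comes from the comment, and hard links on a single filesystem are an assumption.

```python
import hashlib
import os
import tempfile
from collections import defaultdict
from pathlib import Path


def sha256_of(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def inventory(root: Path, filename: str) -> dict[str, list[Path]]:
    """Map content hash -> every bundled copy of `filename` under root."""
    found = defaultdict(list)
    for path in sorted(root.rglob(filename)):
        if path.is_file() and not path.is_symlink():
            found[sha256_of(path)].append(path)
    return dict(found)


def dedupe(copies: dict[str, list[Path]], store: Path) -> int:
    """Point every copy at one blob per hash via hard links.
    Returns how many files were relinked."""
    store.mkdir(parents=True, exist_ok=True)
    relinked = 0
    for digest, paths in copies.items():
        blob = store / digest
        if not blob.exists():
            os.link(paths[0], blob)  # first copy becomes the stored blob
        for p in paths:
            if p.stat().st_ino != blob.stat().st_ino:
                tmp = p.with_name(p.name + ".tmp")
                os.link(blob, tmp)
                os.replace(tmp, p)  # atomic swap, path stays valid throughout
                relinked += 1
    return relinked


def demo() -> tuple[dict[str, list[Path]], int, int]:
    root = Path(tempfile.mkdtemp())
    # Constructed sample: three apps bundle foo.so, one still on an older build.
    for app, body in [("app_a", b"foo v1.2"), ("app_b", b"foo v1.2"), ("app_c", b"foo v1.1")]:
        (root / app / "lib").mkdir(parents=True)
        (root / app / "lib" / "foo.so").write_bytes(body)
    copies = inventory(root, "foo.so")
    relinked = dedupe(copies, root / ".store")
    inodes = {p.stat().st_ino for p in root.rglob("foo.so")}
    return copies, relinked, len(inodes)
```

The inventory is the part that matters for patching: a hash that maps to a build with a known fix pending lists exactly which bundles still carry it, including the pinned outlier that deduplication leaves untouched.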