[nirvdrum]

The lack of a comprehensive standard library for JavaScript also results in projects pulling many more third party dependencies than you would with most other modern environments. It’s just a bigger attack surface. And if you can compromise a module used for basic functionality that you’d get out of the box elsewhere, the blast radius will be enormous.

[pico303]

Not to mention a culture of basically one-line packages ad infinitum. I downloaded a JS tool the other day to generate test reports and it had around 300 dependencies.

Needless to say I’m running all my JS tools in a Docker container these days.

[wombatpm]

So why hasn’t someone created a batteries include JS library? I don’t program in JS on the backend so I don’t know how feasible something like that is.

[stevekemp]

https://github.com/stdlib-js/stdlib was is one of several attempts at that, but yes the issue is that different people have very different views of what should be standard.

[fc417fc802]

That doesn't seem like it should be an issue in practice? Rather than a single standard library endorsed by the language stewards if the community at large converges on a small handful of "standard" solutions that seems like it would satisfy the security aspect of things.

[girvo]

Everyone’s ideas of what batteries should be included differ

[wolfi1]

I, for one, root for AAA

[hfsh]

*cries in ghettoblaster and Maglite D cells*

[erikerikson]

Lodash but also, which batteries?