• Pennomi
    link
    fedilink
    English
    10
    edit-2
    10 months ago

    JavaScript is a dangerous shitshow for this exact reason. Dependencies are a security and stability nightmare.

    • Admiral Patrick
      link
      fedilink
      English
      9
      edit-2
      10 months ago

      Eh, I’d say any language that offers a package repository is just as susceptible. I’m neither pro- nor anti- dependency, but I do always try to keep them to an absolute minimum regardless of what environment I’m working in. Sometimes it makes sense to not reinvent the wheel.

      • Pennomi
        link
        fedilink
        English
        910 months ago

        Yes, but other languages have exponentially fewer packages that install when you add something, making the attack vector smaller and easier to monitor.

        The best way to fix this is for library authors to avoid installing as many sub-dependencies as possible (is-odd, being an obvious example). But that’s a fundamental culture problem.

      • Jo Miran
        link
        fedilink
        English
        2
        edit-2
        10 months ago

        This is why I only code in Assembly. /jk