tkiolp4 | 4 days ago
You don’t get it. People don’t add “is-arrayish” directly as a dependency. It goes like this:

1) N tiny dubious modules like that are created by maintainers (like Qix).
2) The maintainer then creates 1 super useful non-tiny module that imports those N dubious modules.
3) Normal devs add that super useful module as a dependency… and ofc, they end up with countless dubious transitive dependencies.

Why do maintainers do that? I don’t think it’s ignorance or laziness or lack of knowledge about good software engineering. It’s either because of ego (“I’m the maintainer of N packages with millions of downloads” sounds better than “I’m the maintainer of 1 package”), or because they get more donations, or because they are actually planning to drop malware some time soon.
paulddraper | 3 days ago
I think the real answer is far less nefarious. They personally buy into modularization, do-one-thing-do-it-well. Also engineering is fun, and engineering more things is more fun.