ryandrake 4 days ago

Unpopular opinion these days, but: It should be painful to pull in a dependency. It should require work. It should require scrutiny, and deep understanding of the code you're pulling in. Adding a dependency is such an important decision that can have far-reaching effects over your code: performance, security, privacy, quality/defects. You shouldn't be able to casually do it with a single command line.

heisenbit 4 days ago

For better or worse it is often less work to create a dependency than to maintain it over its lifetime. Improvements in maintenance also ease creation of new dependencies.

skydhash 4 days ago

I wouldn’t go for painful that much. The main issue is transitive dependencies. The tree can be several layers deep.

In the C world, anything that is not direct is often a very stable library and can be brought in as a peer deps. Breaking changes happen less and you can resolve the tree manually.

In NPM, there are so many little packages that even renowned packages choose to rely on one for no obvious reason. It’s a severe lack of discipline.