Most of these util libraries require basically no changes ever. The problem is the package maintainers getting hacked and malicious versions getting pushed out.

▲

KPGv2 18 hours ago | parent [-]

If you use an LLM to generate a function, it will never be updated.

So why not do the same thing with a dependency? Install it once and never update it (and therefore hacked and malicious versions can never arrive in your dependency tree).

You're a JS developer, right? That's the group who thinks a programmer's job includes constantly updating dependencies to the latest version constantly.

▲

llbbdd 13 hours ago | parent | next [-]

You're not a web developer, right? See my other comment about context if you want to learn more about the role of context in software development in general. If you keep repeating whatever point you're trying to make about some imaginary driving force to pointlessly update dependencies in web dev, you'll probably continue to embarrass yourself, but it's not hard to understand if you read about it instead of repeating the same drivel under every comment in this thread.

▲

nineteen999 15 hours ago | parent | prev [-]

> Install it once and never update it (and therefore hacked and malicious versions can never arrive in your dependency tree).

Huh? What if your once-off installation or vendoring IS a hacked an malicious version and you never realise and never update it. That's worse.

	▲	llbbdd 13 hours ago \| parent [-]
		Hardly worth responding to, from other comments they're defending Java. They're not used to updates.