| ▲ | wolvesechoes 10 hours ago | |||||||
I am glad I don't need to touch JS or web dev at all. Now, I tend to use Python, Rust and Julia. With Python I am constantly using few same packages like numpy and matplotlib. With Rust and Julia, I try as much as possible to not use any packages at all, because it always scares me when something that should be pretty simple downloads half of the Internet to my PC. Julia is even worse than Rust in that regard - for even rudimentary stuff like static arrays or properly namespaced enums people download 3rd party packages. | ||||||||
| ▲ | someguyornotidk 7 hours ago | parent | next [-] | |||||||
Isn't Rust just as susceptible to this issue? For example, how do you deal with Rust's lack of support for HTTP in the standard library? Importing hyper pulls in a couple dozen transitive libraries which exposes you to the exact same kind of threats that compromised axios. Given how HTTP is now what TCP was during the 90s and almost all modern networked applications needing to communicate in it one way or another, most rust projects come with an inherent security risk. These days, I score the usability of programming languages by how complete their standard library is. By that measure, Rust and Javascript get an automatic F. | ||||||||
| ||||||||
| ▲ | hu3 9 hours ago | parent | prev [-] | |||||||
It's mind boggling when a simple Rust app pulls in Serde and with it half a black hole worth of packages to serialize some mundane JSON. | ||||||||