| ▲ | homebrewer an hour ago | |
This has been improving recently; one large project built on several heavy libraries that I've been supporting since 2018 currently installs ~180 dependencies without loss of functionality compared to how it worked, and what it depended on, back in 2018. IIRC 6 years ago the full dependency tree congealed into more than 2000 packages.

One small example is React itself:
- 5 deps: https://www.npmjs.com/package/react/v/15.6.2
- 0 deps: https://www.npmjs.com/package/react/v/19.2.6

Another is switching from create-react-app with its hundreds of transitive dependencies to vite, which, according to the test I've run just now, currently has 15. Etc. | ||
| ▲ | sysguest 8 minutes ago | parent [-] | |
hmm maybe time to get into deno? I mean, the current "allow ANY filesys operation" can't cope with modern supply-chain attacks... with deno, you can specify folders/files that the executable/library CAN touch (or CANNOT) | ||
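
The dependency counts compared in the first comment can be measured directly from an npm lockfile. This is an added example, not code from either commenter: `summarizeLockfile` and `sampleLock` are hypothetical names, and the lockfile content is constructed. It counts installed packages, separates direct from transitive ones, and lists packages that declare install scripts, which is the part of the tree that runs code at install time.

```javascript
// Constructed sample in npm's lockfileVersion 3 layout (not a real project).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { dependencies: { "lib-a": "^1.0.0" }, devDependencies: { "build-tool": "^2.0.0" } },
    "node_modules/lib-a": { version: "1.2.0" },
    "node_modules/lib-b": { version: "3.1.0" },
    "node_modules/lib-a/node_modules/lib-b": { version: "3.0.5" },
    "node_modules/build-tool": { version: "2.4.1", dev: true, hasInstallScript: true },
    "node_modules/@scope/helper": { version: "0.9.0", dev: true },
  },
};

function summarizeLockfile(lock) {
  if (!lock.packages) throw new Error("expected lockfileVersion 2 or 3 with a 'packages' map");
  const root = lock.packages[""] ?? {};
  const direct = new Set([
    ...Object.keys(root.dependencies ?? {}),
    ...Object.keys(root.devDependencies ?? {}),
  ]);
  const marker = "node_modules/";
  const versions = new Map(); // package name -> Set of installed versions
  const out = { installed: 0, prod: 0, dev: 0, installScripts: [] };
  for (const [path, entry] of Object.entries(lock.packages)) {
    const at = path.lastIndexOf(marker);
    if (at === -1 || entry.link) continue; // skip root, workspace sources, symlinks
    // The name follows the last "node_modules/", which handles nesting and @scopes.
    const name = path.slice(at + marker.length);
    out.installed += 1;
    if (entry.dev) out.dev += 1; else out.prod += 1;
    if (entry.hasInstallScript) out.installScripts.push(`${name}@${entry.version}`);
    if (!versions.has(name)) versions.set(name, new Set());
    versions.get(name).add(entry.version);
  }
  out.uniqueNames = versions.size;
  out.direct = direct.size;
  out.transitive = [...versions.keys()].filter((n) => !direct.has(n)).length;
  out.duplicated = [...versions].filter(([, v]) => v.size > 1).map(([n]) => n);
  return out;
}

console.log(summarizeLockfile(sampleLock));
```

To run it against a real project, pass the parsed contents of its `package-lock.json` instead of `sampleLock`.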