Comment by arccy
1 year ago
yeah, rust copied the dumpster fire that was npm, i shudder to think of the future of supply chain security when people say rewrite it in rust.
1 year ago
yeah, rust copied the dumpster fire that was npm, i shudder to think of the future of supply chain security when people say rewrite it in rust.
I'm pretty sure everybody just copied from Perl.
Go did something nice, and it would be good if more people copied. But it was also fairly recent.
Almost - CTAN (T for "TeX") predated CPAN by about 1 year (but may not have ever had as much automated fetching involved).
What would a better model to manage dependencies in your opinion? I do like that is easy to add dependencies, but also don't like that a simple hello world Axum app IIRC is around 150 dependencies.
Rust's problems are not necessarily dependency management, cargo is actually great at it, but that they rely on third party dependencies for critical components (like regex and async). Which makes it very difficult to build anything without 300 dependencies.
I understand why they do it. It's lead to some amazing crates like serde. But I think I fall more in the camp of Python, Go or Odin with a comprehensive standard lib. You can make a whole game with Odin with standard library only. Or an entire web app in Go.
> but that they rely on third party dependencies for critical components (like regex and async).
Regex is not a third-party dependency:
https://github.com/rust-lang/regex
1 reply →
have an ecosystem that encourages larger, more well thought out dependencies.
the thin standard library and flat package namespace encourages land grabs for short memorable names for packages that just do a single thing. compared to say java or go where dependencies don't exist because they sound cool but because they solve a real problem.
You don't have to have a solution to recognize that there is a problem.
This is both right and wrong in a pernicious way.
When pointing out a problem, you don't necessarily need to provide a better solution. However, if you refrain from providing a better solution, you are still implicitly asserting that there exists some better solution.
So then it's possible to counter that with: a better solution may not exist. If you think a better solution does exist, then the burden of proof is on you to point out an existing solution that does better, or to otherwise establish that some better solution must exist.
Rust could very well be at a global optimum for the problems it's trying to solve. Sometimes tradeoffs are just inevitable.
2 replies →