Comment by worik
2 months ago
> This is a culture issue with developers who find it OK to have hundreds of (transitive) dependencies, and then follow processes that, for all intents and purposes, blindly auto update them
I do not know about NPM. But in Rust this is common practice.
Very hard to avoid. The core of Rust is very thin; to get anything done typically involves dozens of crates, all pulled in at compile time from any old developer implicitly trusted.
The same is true for Go and for Java.
You can write entire applications in Go without resorting to any dependencies; the std lib is quite complete.
Most projects will have a healthy 5-20 dependencies though, with very few nested modules.