Comment by KPGv2
8 hours ago
If you use an LLM to generate a function, it will never be updated.
So why not do the same thing with a dependency? Install it once and never update it (and therefore hacked and malicious versions can never arrive in your dependency tree).
You're a JS developer, right? That's the group who thinks a programmer's job includes constantly updating dependencies to the latest version constantly.
You're not a web developer, right? See my other comment about context if you want to learn more about the role of context in software development in general. If you keep repeating whatever point you're trying to make about some imaginary driving force to pointlessly update dependencies in web dev, you'll probably continue to embarrass yourself, but it's not hard to understand if you read about it instead of repeating the same drivel under every comment in this thread.
> Install it once and never update it (and therefore hacked and malicious versions can never arrive in your dependency tree).
Huh? What if your once-off installation or vendoring IS a hacked and malicious version and you never realise and never update it? That's worse.
Hardly worth responding to; from other comments, they're defending Java. They're not used to updates.