Comment by user34283
2 days ago
Said scrutinizing from my side consists of checking the number of downloads and age of the package, maybe at best a quick look at the GitHub.
Yes, I'm sure many dependencies aren't very necessary. However, in many projects I worked on (corporate) which were on the older Webpack/Babel/Jest stack, you can expect node_modules at over 1 GB. There, this ship sailed long ago.
But on the upside, most of those packages should be fairly popular. With pnpm's dependency cooldown and whitelisting of postinstall scripts, you are probably good.
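The two pnpm controls mentioned above (a release cooldown and an allow-list for packages permitted to run install scripts) live in `pnpm-workspace.yaml`. The configuration below is an added illustration, not the commenter's own setup; the key names follow the pnpm 10.x documentation as I know it (`minimumReleaseAge` arrived in 10.16), the scope `@example-org` is a placeholder, and the two allow-listed packages are just typical native-build candidates:

```yaml
# pnpm-workspace.yaml (constructed example; verify key names against your pnpm version)
packages:
  - "packages/*"

# Dependency cooldown, in minutes (10080 = 7 days): pnpm will not resolve a
# version published more recently than this. A freshly pushed malicious
# release therefore has time to be noticed and unpublished before it lands
# in your lockfile. Publish age is registry-recorded and cannot be inflated
# the way download counts can.
minimumReleaseAge: 10080

# Packages exempt from the cooldown, e.g. your own internal scope
# (placeholder name).
minimumReleaseAgeExclude:
  - "@example-org/*"

# pnpm 10 skips preinstall/install/postinstall scripts of dependencies by
# default. Only packages listed here may run them; keep this list short and
# review each entry's build script before adding it.
onlyBuiltDependencies:
  - esbuild
  - sharp
```

After changing these settings, run `pnpm install` and check that the lockfile still resolves; a version blocked by the cooldown shows up as an older version being selected rather than as an error, so diff `pnpm-lock.yaml` to confirm what actually changed.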
> consists of checking the number of downloads and age of the package
Age can't be gamed, but number of downloads sure can.
I look at the number of downloads just like I look at the number of Amazon reviews :) it tells you just about the same thing - nothing at all