Comment by awongh

19 hours ago

In the age of AI and npm supply chain attacks I feel like there are more reasons than ever to roll your own.

One other possible title of this article could just be "don't break UI conventions", which is not the same thing.

Instead of trying to download and configure a date-time thing (for something app-specific like domain-specific date ranges), having to rely on the configuration of a larger library, and then having to manage all future major version upgrades (and some of these npm libraries have major versions every year!), why not just create your own smaller-surface-area component? It'll be literally zero maintenance compared to managing an npm dependency in your app.

Counterpoint: all of these things are built right into the user's browser, and browser vendors independently work to avoid attacks across the user base without any intervention from web designers. In fact, if the browser itself is compromised, we probably have bigger problems anyway. By just letting the browser handle these tools, we do not need to spend any resources at all.
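As an added illustration of what both positions in the thread point at (this is example code written for this page, not code from the commenter or from any library they mention): the browser's native `<input type="date">` supplies the picker and always yields a `YYYY-MM-DD` string, so the only code an app has to own is the domain-specific range rule. The `maxNights` limit of 90, the form field names `start` and `end`, and the `today` option are assumptions made up for the example; there is no third-party dependency, so there is nothing to upgrade or audit beyond these few lines.

```javascript
// Added example, not from the comment or any project it names.
// A dependency-free date-range rule that works on the "YYYY-MM-DD"
// strings a native <input type="date"> produces.

const ISO_DATE = /^(\d{4})-(\d{2})-(\d{2})$/;
const MS_PER_DAY = 86400000;

// Strictly parse "YYYY-MM-DD" into a UTC timestamp. Returns null for
// anything malformed or for impossible calendar dates such as 2023-02-29,
// which Date.UTC would otherwise silently roll over into March.
function parseIsoDate(s) {
  const m = ISO_DATE.exec(String(s));
  if (!m) return null;
  const y = Number(m[1]);
  const mo = Number(m[2]);
  const d = Number(m[3]);
  const t = Date.UTC(y, mo - 1, d);
  const dt = new Date(t);
  if (dt.getUTCFullYear() !== y || dt.getUTCMonth() !== mo - 1 || dt.getUTCDate() !== d) {
    return null;
  }
  return t;
}

// Validate an inclusive [start, end] range against app-specific rules.
// maxNights (assumed limit of 90) and today (optional "YYYY-MM-DD") are
// the only domain knowledge this component carries.
function validateDateRange(startStr, endStr, { maxNights = 90, today = null } = {}) {
  const start = parseIsoDate(startStr);
  const end = parseIsoDate(endStr);
  if (start === null || end === null) {
    return { ok: false, nights: 0, error: 'invalid date' };
  }
  const nights = Math.round((end - start) / MS_PER_DAY);
  if (nights <= 0) {
    return { ok: false, nights, error: 'end must be after start' };
  }
  if (nights > maxNights) {
    return { ok: false, nights, error: `range exceeds ${maxNights} nights` };
  }
  if (today !== null) {
    const todayTs = parseIsoDate(today);
    if (todayTs === null) return { ok: false, nights, error: 'invalid today' };
    if (start < todayTs) return { ok: false, nights, error: 'start is in the past' };
  }
  return { ok: true, nights, error: null };
}

// Browser wiring: block submission when the native inputs named "start"
// and "end" (assumed field names) violate the rule. Not invoked here so
// the module also loads under Node for testing.
function attachToForm(form, options = {}) {
  form.addEventListener('submit', (event) => {
    const result = validateDateRange(
      form.elements.start.value,
      form.elements.end.value,
      options
    );
    if (!result.ok) {
      event.preventDefault();
      form.elements.end.setCustomValidity(result.error);
      form.reportValidity();
    } else {
      form.elements.end.setCustomValidity('');
    }
  });
}
```

In the browser, `attachToForm(document.querySelector('form'), { today: new Date().toISOString().slice(0, 10) })` is the whole integration; the server must run the same `validateDateRange` check on the submitted strings, since client-side validation is only a convenience.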