Comment by Filligree

9 hours ago

It’s too much code. Maybe companies are able to handle this, but as a solo dev it’s completely infeasible.

I could just not use those deps, but then I won’t be able to build anything interesting. The software industry has historically relied on being a high-trust society; I don’t know what will happen if that is changing.

Rewriting every dep with Fable for every project, maybe.

There is a big difference between completely YOLOing your dependencies and deeply reviewing all their code. It is a gradient; by acknowledging that you ask git to hide the file because you consider it "noise", you say that you are on the YOLO far end of the spectrum.

Every dependency adds risk; the goal is to minimise them. If you include a dependency for something that you would code in 20 lines, you should at least wonder if it's worth it or not. If that dependency pulls 5 transitive dependencies itself, probably you should go for the 20 lines.

As you say, sometimes it's impossible to track because there are so many dependencies (thanks to modern package managers that make it so easy). But at least you should see that your dependencies are completely out of control. If you ship an app where 95% of the code comes from dependencies you have never seen, you may as well have vibe-coded the app.

> The software industry has historically relied on being a high-trust society; I don’t know what will happen if that is changing.

I very much disagree with that. Most software is bad and shouldn't be trusted.