• wkk@lemmy.world
    link
    fedilink
    arrow-up
    12
    ·
    16 days ago

    Python with PyPI, C# with Nuget, Docker with Dockerhub, Java with Maven Central, hell even just regular Linux packages from dodgy repositories…

    Supply chain attacks concern almost everything everyone everywhere.

    • mox@lemmy.sdf.orgOP
      link
      fedilink
      arrow-up
      7
      ·
      16 days ago

      This is one of the more important reasons to minimize dependencies and be very picky about the ones we adopt.

      • 3h5Hne7t1K@lemmy.world
        link
        fedilink
        arrow-up
        5
        ·
        15 days ago

        Absolutely this. It almost seems like a controversial opinion sometimes, but microdependencies is a code smell imo. This could largely be improved by providing a more extended standard lib, at the cost of innovation and velocity maybe. I found this interesting: https://blessed.rs/crates

      • Acters@lemmy.world
        link
        fedilink
        arrow-up
        2
        ·
        edit-2
        15 days ago

        IDK about you but the company I work for can’t live without npm packages doing almost everything. For example: the is-even package.