> This is a culture issue with developers who find it OK to have hundreds of (tr... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		worik 3 months ago \| parent \| context \| favorite \| on: Shai-Hulud malware attack: Tinycolor and over 40 N... > This is a culture issue with developers who find it OK to have hundreds of (transitive) dependencies, and then follow processes that, for all intents and purposes, blindly auto update them I do not know about NPM. But in Rust this is common practice. Very hard to avoid. The core of Rust is very thin, to get anything done typically involves dozens of crates, all pulled in at compile time from any old developer implicitly trusted.

hedora 3 months ago [–]

The same is true for go and for java.

ricardobeat 3 months ago | [–]

You can write entire applications in Go without resorting to any dependencies, the std lib is quite complete.

Most projects will have a healthy 5-20 dependencies though, with very little nested modules.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact