
We would be eliminating this cancer where a ridiculous library like the following depends on a ridiculous library (is-string) that also has dependencies. The transitive libraries have over 3 million downloads per week.

https://www.npmjs.com/package/is-eq-three?activeTab=dependencies

24 replies

34 views
Perlik-Yubenji Question author

I think this is what the JavaScript community needs. You copy/paste the package code into your repository as your own code, not as a dependency. It is an extra step for now, but I am sure we can create tools to automate this. The screenshot is from ui.shadcn.com. I believe Tailwind is also going the same route for components.

Perlik Yubenji
screenshot I think this is what Javascript community needs. ...

Not sure I follow how it fixes one-liners distributed as packages

Perlik-Yubenji Question author
Thomas
I don't like this either

Change is tough for everyone. But it is for a better tomorrow.

Perlik Yubenji
change is tough for everyone. But it is for a be...

It works only for the most trivial pieces of code

Perlik-Yubenji Question author

We remove the ability for a dependency to have dependencies. In the end, we will ensure that apps can only have direct dependencies.

Perlik-Yubenji Question author
Perlik Yubenji
We remove the ability for a dependency to have dep...

What happens when a dependency really does need a subdependency? Injection only?

Perlik-Yubenji Question author
Thomas
What happens when a dependency really does need a ...

Sounds like a great solution to start with. 😀

Perlik Yubenji
screenshot I think this is what Javascript community needs. ...

I think this is dumber. There are already so many "this snippet was copied a thousand times from SO and turned out to be incorrect" and what you're suggesting is what GitHub Copilot is gonna do anyway. Hard to manage copy-pasted code, rather than a micro dependency.

Perlik-Yubenji Question author
Ellipsis (...) | now upto ♾
I think this is dumber. there are already so many...

What makes you think any npm package is always correct?

Perlik-Yubenji Question author
Perlik Yubenji
what makes you think any npm package is always cor...

It can ofc be incorrect, but there is a chance to see a fix shipped by the author or to be notified by dependency scanners (like GitHub DependencyBot). If it is a one-off copy & paste, even from something trackable like a GitHub gist, it will be hard to learn about fixes. We may manually check for updates from time to time. But if there are more copy & pasted dependencies, it becomes unmanageable to track. If we automate it, we reinvent package managers.

Perlik-Yubenji Question author
Nikolay Khodov
It can be ofc incorrect, but there is a chance to ...

Dependency scanners don't magically identify issues. They are reported by users. What you are trying to describe sounds like an issue that can be fixed by subscribing to vulnerability notifications.

Perlik-Yubenji Question author

Once you copy/paste it into your project, customize it to fit your needs. Any updates you need can be made the same way you do to your own code, and as I have indicated, my suggestion is not to do away with dependencies/packages, only dependencies that are required by other dependencies, a.k.a. transitive dependencies.

Perlik Yubenji
once you copy paste to your project, customize it...

Good in theory, does not seem to be scalable in practice

Thomas
It all comes down to skill

Sure thing, we must be implying different things. Do you suggest avoiding transitive dependencies or packaged one-liners?

Perlik-Yubenji Question author
Nikolay Khodov
Good in theory, does not seem to be scalable in pr...

That's true, depending on many things. It is also true that managing dependencies is not really scalable.
