any nodejs based framework ( react, vue, angular, … ) (npm)
python
…
All of the above are chuckful of dependecies upon dependencies, and webdev stacks are the worst of them. They make it VERY hard to make software that requires any security related certification because of the dependency hell…
I swear to god, all those frameworks are designed so badly when looking at dependency hell …
Who can we blame though? If we need something simple as sed, yes, go ahead and have a great security scan report. Web development has a complexity to make a dog puke so naturally you can’t practically write every line of code by yourself. The choices are either trust those package maintainers will maintain their software regularly, or build no web application.
I mean, to some degree i believe you are right. I myself manage a .net library to parse barcodes. However, webdev has layers upon layers upon layers of dependencies. The advantage is that even my cat could make a website. The downside is it will be horribly inefficient because of those layers of dependencies. 90% of what they bring is stuff you dont need and are in the way. Or you use, but because youre going through all those layers, its fucking slow.
This applies to desktop dev too, but less hard than webdev. Most of the webdev development i just question why something was created and most of the time i can only conclude its because of some hack job and something missing. So they take a huge library and use only part of it for something. Its just… Eug
I am i developer/lead that likes to make things as small and efficient as possible and that just makes me die a little inside every time :p
Welcome to modern framework development!
All of the above are chuckful of dependecies upon dependencies, and webdev stacks are the worst of them. They make it VERY hard to make software that requires any security related certification because of the dependency hell…
I swear to god, all those frameworks are designed so badly when looking at dependency hell …
… Yet i will write c and c# code everyday haha
Who can we blame though? If we need something simple as
sed
, yes, go ahead and have a great security scan report. Web development has a complexity to make a dog puke so naturally you can’t practically write every line of code by yourself. The choices are either trust those package maintainers will maintain their software regularly, or build no web application.Don’t threaten me with a good time.
I mean, to some degree i believe you are right. I myself manage a .net library to parse barcodes. However, webdev has layers upon layers upon layers of dependencies. The advantage is that even my cat could make a website. The downside is it will be horribly inefficient because of those layers of dependencies. 90% of what they bring is stuff you dont need and are in the way. Or you use, but because youre going through all those layers, its fucking slow.
This applies to desktop dev too, but less hard than webdev. Most of the webdev development i just question why something was created and most of the time i can only conclude its because of some hack job and something missing. So they take a huge library and use only part of it for something. Its just… Eug
I am i developer/lead that likes to make things as small and efficient as possible and that just makes me die a little inside every time :p