Russ Cox, who developed the dependency/package management system for Go, writes about the problems with software dependencies. A choice excerpt:
Dependency managers now exist for essentially every programming language. [...] The arrival of this kind of fine-grained, widespread software reuse is one of the most consequential shifts in software development over the past two decades. And if we’re not more careful, it will lead to serious problems.
A package, for this discussion, is code you download from the internet. Adding a package as a dependency outsources the work of developing that code [...] to someone else on the internet, someone you often don’t know. By using that code, you are exposing your own program to all the failures and flaws in the dependency. Your program’s execution now literally depends on code downloaded from this stranger on the internet. Presented this way, it sounds incredibly unsafe. Why would anyone do this?
(Score: 3, Informative) by darkfeline on Friday January 25 2019, @09:57AM (2 children)
I suppose I am partially at fault for choosing that particular excerpt. As we all know, no one reads TFA.
If you actually read the article, you will find that Russ doesn't argue against adding dependencies, but rather that we should properly vet them and that perhaps we now need tools to help us validate and update our dependencies rather than just download and distribute them.
> Do we go grabbing every package in sight, willy nilly, just to add bullet points to our spec sheet? No, _we_ don't do that
May I introduce you to the modern NPM/Node.JS programmer, where we have such lovely things as the is-odd package, a package with a million weekly downloads that implements a single function that returns true if a number is odd. Of course, there's the corresponding is-even package, which is implemented as !isOdd.
Join the SDF Public Access UNIX System today!
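Added example, not from the article or from any of the commenters: a small script that walks a package-lock.json (lockfileVersion 2/3 "packages" layout) and lists everything one direct dependency pulls in, which is the first thing to look at when vetting a package rather than just downloading it. The lockfile, version numbers and helper-* package names are constructed for the demo; is-even and is-odd are the packages named in the comment above.

```javascript
// Added example, not from the article or the comments: walk a package-lock.json
// (lockfileVersion 2/3 "packages" layout) and list every package one direct
// dependency drags in, so the strangers' code behind a single package.json line
// can be counted before vetting. The lockfile, versions and helper-* names are
// constructed; is-even and is-odd are the packages named in the discussion.
const demoLock = {
  lockfileVersion: 3,
  packages: {
    "": { dependencies: { "is-even": "^1.0.0", "tiny-pad": "^1.0.0" } },
    "node_modules/is-even": { version: "1.0.0", dependencies: { "is-odd": "^0.1.0" } },
    // nested copy: is-even pins an older is-odd than the hoisted one below
    "node_modules/is-even/node_modules/is-odd": { version: "0.1.0", dependencies: { "helper-number": "^1.0.0" } },
    "node_modules/is-odd": { version: "0.1.2", dependencies: { "helper-number": "^1.0.0" } },
    "node_modules/helper-number": { version: "1.0.0", dependencies: { "helper-kind": "^2.0.0" } },
    "node_modules/helper-kind": { version: "2.0.0" },
    "node_modules/tiny-pad": { version: "1.0.0" },
  },
};

// Node's lookup order: node_modules nested under the requiring package, then each ancestor.
function resolveDep(packages, fromPath, dep) {
  for (let base = fromPath; ; ) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + dep;
    if (packages[candidate]) return candidate;
    if (base === "") return null;
    const i = base.lastIndexOf("/node_modules/");
    base = i === -1 ? "" : base.slice(0, i);
  }
}

// Sorted name@version of everything reachable from one direct dependency, itself included.
function transitiveDeps(lock, directDep) {
  const packages = lock.packages;
  const start = resolveDep(packages, "", directDep);
  if (!start) throw new Error(`${directDep} is not in the lockfile`);
  const seen = new Set();
  for (const stack = [start]; stack.length; ) {
    const path = stack.pop();
    if (seen.has(path)) continue;
    seen.add(path);
    for (const dep of Object.keys(packages[path].dependencies || {})) {
      const next = resolveDep(packages, path, dep);
      if (!next) throw new Error(`cannot resolve ${dep} required by ${path}`);
      stack.push(next);
    }
  }
  return [...seen].map((p) => p.slice(p.lastIndexOf("node_modules/") + 13) + "@" + packages[p].version).sort();
}

console.log(transitiveDeps(demoLock, "is-even")); // one-function package, four packages in total
```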
(Score: 2) by JoeMerchant on Friday January 25 2019, @01:53PM (1 child)
Not true, I read TFA in at least 1% of cases that I comment on ;-)
🌻🌻 [google.com]
(Score: 0) by Anonymous Coward on Friday January 25 2019, @11:54PM
Anathema!