"Vendoring" Software
10 months ago
- #dependency-management
- #software-development
- #vendoring

- Vendoring is the practice of copying another project's source code directly into your own project.
- The term 'vendoring' originated in the Ruby community but is widely used in software development.
- Vendoring simplifies dependency management by avoiding complex transitive dependency issues.
- A major drawback of vendoring is the transitive dependency problem, where dependencies of dependencies must also be vendored.
- Dependency managers like npm solve the transitive dependency problem but introduce bloat and security risks.
- Vendoring encourages a culture of independence, reducing reliance on external dependencies.
- Modern dependency managers can lead to bloated projects with hidden risks, such as unwanted polyfills.
- Prominent developers advocate for vendoring or minimizing dependencies to improve code reliability and security.
- Some projects, like DaisyUI, have successfully reduced dependencies to zero.
- Vendor-first dependency managers combine the benefits of vendoring and traditional dependency management.