Package Managers Are Evil
2 days ago
- #programming
- #package-management
- #dependencies
- Package managers automate dependency hell: by making it trivial to add a package, they make it easy to accumulate dependencies (and their transitive dependencies) without weighing what each one brings in.
- Dependencies are liabilities; each one adds security and bug risk, and it is the user of that code, not its author, who ends up responsible for it.
- Many languages lack a well-defined package concept, leading to multiple package managers and even package manager managers.
- High trust in third-party code without proper vetting is a societal issue in programming, and it creates real security risk.
- The programming industry is too young to have established reliable wisdom, leading to reliance on perceived experts who may not be correct.
- Manual dependency management is advocated as the better approach, because it forces developers to think critically about each dependency before adding it.
- Languages with robust standard libraries, like Go, reduce the need for third-party packages and so mitigate these dependency issues.
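To make the "every dependency is a liability" point concrete, here is an added example (not from the original post) that walks a constructed lockfile-style dependency map and reports, for each direct dependency, how many packages and how many distinct publishers you implicitly trust. Package names and publishers are made up for illustration; a real audit would read the same kind of data from a lockfile or `go mod graph` output.

```python
"""Transitive-dependency audit over a constructed dependency map.

Each entry maps a package name to (publisher, list of direct dependencies).
The data is constructed for this example and does not describe real packages.
"""

from collections import deque

# Constructed sample: package -> (publisher, direct dependencies)
SAMPLE_PACKAGES = {
    "webapp":        ("you",   ["http-client", "json-pretty"]),
    "http-client":   ("alice", ["url-parse", "tls-shim"]),
    "url-parse":     ("bob",   ["punycode-lite"]),
    "punycode-lite": ("carol", []),
    "tls-shim":      ("dave",  ["url-parse"]),   # shares a dep with http-client
    "json-pretty":   ("erin",  ["ansi-colors"]),
    "ansi-colors":   ("frank", []),
}


def transitive_closure(packages, root):
    """Return every package reachable from root's dependency list.

    Breadth-first walk with a visited set, so shared and cyclic
    dependencies are counted once and the walk always terminates.
    Raises KeyError on a dependency that is not in the map.
    """
    seen = set()
    queue = deque(packages[root][1])
    while queue:
        name = queue.popleft()
        if name in seen:
            continue
        if name not in packages:
            raise KeyError(f"unresolved dependency: {name}")
        seen.add(name)
        queue.extend(packages[name][1])
    return seen


def trust_report(packages, root):
    """For each direct dependency of root, list the packages and distinct
    publishers that adding it pulls into your trust boundary."""
    report = {}
    for direct in packages[root][1]:
        closure = {direct} | transitive_closure(packages, direct)
        publishers = {packages[p][0] for p in closure}
        report[direct] = {
            "packages": sorted(closure),
            "publishers": sorted(publishers),
        }
    return report


def total_trusted_publishers(packages, root):
    """Distinct publishers (other than root's own) whose code root runs."""
    closure = transitive_closure(packages, root)
    return sorted({packages[p][0] for p in closure})


if __name__ == "__main__":
    for dep, info in trust_report(SAMPLE_PACKAGES, "webapp").items():
        print(f"{dep}: {len(info['packages'])} packages, "
              f"publishers={info['publishers']}")
    print("total publishers trusted:",
          total_trusted_publishers(SAMPLE_PACKAGES, "webapp"))
```

Two direct dependencies here turn into six packages from six different publishers, which is the number that matters when deciding whether a dependency is worth the liability; the direct-dependency count a manifest shows understates it.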