Matt Campbell @matt@toot.cafe
1y
There was a recent article about how it's reasonable to complain about big packages or many dependencies, but not both. v5.chriskrycho.com/notes/big-packages-or-many-dependencies/ As I look at vulnerability scanner results, I'm leaning toward small packages, and keeping the dependency count in check via some mix of conditional features and favoring lower layers of abstraction (all else being equal). For example, I think I'd rather depend directly on an MP3 encoder plus a thing for concatenating MP3 files, not all of ffmpeg.
1y
@matt Ffmpeg is an interesting example. I use some software that only claims support for mp4 video. But it’s just using ffmpeg, so it’ll take whatever I throw at it. As a user, I’d be upset if it really did require mp4. I get saying mp4 is the only supported format to lower support costs. But bigger packages allow software to be more adaptive to user needs the developer didn’t care about. Similarly, we see what always happens when accessibility features are made optional dependencies: they are always excluded. I’d rather developers use packages with all the bells and whistles. Even if they don’t expose the functionality I need, at least I am more likely to be able to hack it in one way or another.