top | item 21113280


blobs | 6 years ago

Totally second this. I see novice web developers writing in Typescript in an effort to be more type safe and at the same time using hundreds of npm packages that are often written by amateurs that make basic mistakes.

Just take an average startup's web project node_modules directory, what's inside there? Hundreds and hundreds of packages of which most are dependencies of other packages. Anyone could have written it! Novice devs swear by using Typescript, but at the same time use hundreds of black boxes that can easily contain stuff way more damaging than a string applied to a number.

Remember left-pad? That was an easy one to fix, but still caused damage at large scale. What about a vulnerability in a larger and more complex package, owned by some bad party?


jannes|6 years ago

For me the biggest problem is webpack. Do you know an alternative bundler with less dependencies and typescript support? I already use webpack without the webpack-cli package in most of my projects in order to avoid the extra dependencies.

I'm currently investigating rollup because it only has 3 dependencies (2 of which are @types).

marcus_holmes|6 years ago

I'm trying to use Vue in a secure web app, and Webpack is a nightmare. I have to trust hundreds of dependencies to use it at all. Trying to avoid this and use some other method of compiling multiple .vue single-file components into a larger single js file is proving tricky (to say the least). How did the JS ecosystem end up in this situation?

rmilejczz|6 years ago

I recommend rollup for libraries and parcel for web apps.