top | item 42315147

(no title)

morbicer | 1 year ago

This would be an idea worth considering if you didn't pick babel which will drag a half of universe with it https://bundlephobia.com/package/babel-core

Use raw esbuild or swc; or be hassle free with Vite... or something else less cursed. I am grateful for Babel, it opened up the js development to new syntax but it's a beast from the past times. (The same applies to webpack)

Transitive dependencies of those are exactly the thing Dependabot will nag you about day and night.

discuss

gloosx|1 year ago

>babel which will drag a half of universe with it

Why should I care about 500KiB of development dependencies, they won't end up inside the build anyway? I don't see any value in vite or other build tool since I know how to write a webpack config I need in 3 minutes, and it is the same process for almost 10 years now, just npx webpack init, adjust the config slightly and never touch it again, there is no option which is too complex or hard to grasp, just the typical output/input/modules/plugins, and you never need to update it without a good reason to. Just dependabot nagging is never a good reason to start manically updating your build dependencies

morbicer|1 year ago

In enterprise environment you need to manically update to meet the security compliance SLAs because those dependencies are a source of non stop CVEs. It's mostly bunk CVEs but that's out of your control.