> Ironically, I think more dependencies are actually better, because it means they are smaller. "Do one thing well".
I could believe this if I thought that having 1500 dependencies led to less code overall, but the size of my node_modules folder shows that assumption to be flawed.
The other problem with this argument is that each dependency you add is another set of developers that you are depending on. It's another group of people who could suddenly pull a left pad or worse, and it's another group of people who you have to trust to have written secure code. The fewer dependencies I have, the smaller my chances of being exploited because of a people problem.