In your application, each dependency has a maintainer. Each maintainer has a direct path into your application.
If you have five dependencies, you trust five maintainers. If you have 1000 dependencies, you trust 1000 maintainers. Which is more likely to burn you?
I blogged about all of this years ago and the song remains the same. Every developer needs to learn this lesson.
🔪 Kill your Dependencies 🔪
@mperham you probably meant "each dependency probably has a maintainer" 😆