any Node.js-based framework (React, Vue, Angular, …) (npm)
python
…
All of the above are chock-full of dependencies upon dependencies, and webdev stacks are the worst of them. They make it VERY hard to make software that requires any security-related certification because of the dependency hell…
I swear to god, all those frameworks are designed so badly when looking at dependency hell …
Who can we blame though? If we need something as simple as sed, yes, go ahead and have a great security scan report. Web development has a complexity to make a dog puke, so naturally you can’t practically write every line of code by yourself. The choices are either trust that those package maintainers will maintain their software regularly, or build no web application.
Welcome to modern framework development!
> All of the above are chock-full of dependencies upon dependencies, and webdev stacks are the worst of them. They make it VERY hard to make software that requires any security-related certification because of the dependency hell…
> I swear to god, all those frameworks are designed so badly when looking at dependency hell …

… Yet I will write C and C# code every day haha
> Who can we blame though? If we need something as simple as sed, yes, go ahead and have a great security scan report. Web development has a complexity to make a dog puke, so naturally you can’t practically write every line of code by yourself. The choices are either trust that those package maintainers will maintain their software regularly, or build no web application.

Don’t threaten me with a good time.