5 points | by _tk_ a day ago
1 comment
The article's final call to action:
> Developers working with open source packages should:
...followed by 5 bullet points of laborious to-do's, to try to minimize the risk from each of the open source packages you're using.
My take:
- Aggressively minimize the number of packages you use. Any idiot can import 1M LoC in a minute. Competent devs don't.
- Be willing to re-invent some wheels. Especially when the alternative is importing wheel-lib v13.9.2j, along with its dozen or so dependencies.
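As an added illustration of the commenter's point about "a dozen or so dependencies" (this is example code, not from the comment or the article it discusses), the script below measures how many packages one direct dependency actually pulls in transitively. The dependency graph is constructed for the example: "wheel-lib" is the commenter's hypothetical, and every other package name is made up.

```python
"""Audit the transitive footprint of each direct dependency (added example)."""
from collections import deque

# Constructed graph for illustration: package -> packages it declares as
# dependencies. No real registry is consulted; all names are made up.
DEPENDENCY_GRAPH = {
    "wheel-lib": ["rim", "spoke", "hub", "tire"],
    "rim": ["metal-utils", "shape-core"],
    "spoke": ["metal-utils", "tension"],
    "hub": ["bearing", "metal-utils", "shape-core"],
    "tire": ["rubber", "pressure-check"],
    "bearing": ["metal-utils"],
    "tension": ["math-helpers"],
    "pressure-check": ["math-helpers", "units"],
    "metal-utils": [],
    "shape-core": [],
    "rubber": [],
    "math-helpers": [],
    "units": [],
    "tiny-helper": [],
}


def transitive_closure(graph, root):
    """Return every package reachable from `root` (excluding root) via BFS.

    Names that are declared but missing from the graph are still counted:
    a dependency with no lockfile entry is itself worth noticing in an audit.
    """
    seen, queue = set(), deque(graph.get(root, []))
    while queue:
        pkg = queue.popleft()
        if pkg in seen:
            continue
        seen.add(pkg)
        queue.extend(graph.get(pkg, []))
    return seen


def dependency_footprint(graph, direct_deps):
    """Map each direct dependency to (transitive count, sorted package list)."""
    result = {}
    for dep in direct_deps:
        closure = transitive_closure(graph, dep)
        result[dep] = (len(closure), sorted(closure))
    return result


if __name__ == "__main__":
    report = dependency_footprint(DEPENDENCY_GRAPH, ["wheel-lib", "tiny-helper"])
    for name, (count, pkgs) in report.items():
        print(f"{name}: {count} transitive packages -> {', '.join(pkgs) or '(none)'}")
```

Run against a real lockfile by replacing the constructed graph with the parsed package-to-dependencies map; the closure size is the number of distinct upstreams you are trusting for that one import.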