In-reply-to » @markwylde No, it doesn't have to be this way, but it is (almost) always this way. When a programming language makes it too easy to manage dependencies, you inevitably get microdependencies. It doesn't help that many people learn JavaScript or Python as their first language.

“dependency hell” comes from this “exponential dependency tree” that we inevitably see in ecosystems like NodeJS / NPM

Yes, and these “ecosystems” try to put a band-aid on it by allowing packages to specify which version of a package they need. All that means is you get 7 different versions of the same package bloating up your node_modules folder and 6 critical vulnerabilities from one package.

Then, it’s impossible to keep track of all 1200 of your dependencies and sub-dependencies, so you get a robot to do it for you: Dependabot. What happens when Dependabot dies? Absolute chaos.

NodeJS library authors could just write better libraries and avoid breaking changes every update, and NodeJS software developers in general could fix their programs when they break, but they don’t. It’s on the “ecosystem” to solve for this, and it inevitably does a terrible job.

⤋ Read More