←back to thread

The fate of "small" open source

(nolanlawson.com)
295 points todsacerdoti | 1 comments | 16 Nov 25 19:21 UTC | HN request time: 0.001s | source
Show context
Aperocky ◴[16 Nov 25 20:38 UTC] No.45948201[source]
> the era of small, low-value libraries like blob-util is over.

Thankfully (not against blob-util specifically because I've never intentionally used it), I wouldn't completely blame llms either since languages like Go never had this dependency hell.

npm is a security nightmare not just because of npm the package manager, because the culture of the language rewards behavior such as "left-pad".

Instead of writing endless utilities for other project to re-use, write actual working things instead - that's where the value/fun is.

replies(3): >>45948291 #>>45948576 #>>45956235 #
ncruces ◴[16 Nov 25 20:52 UTC] No.45948291[source]
But as Go puts it:

“A little copying is better than a little dependency.”

https://go-proverbs.github.io/

replies(2): >>45948486 #>>45948539 #
threatofrain ◴[16 Nov 25 21:24 UTC] No.45948539[source]
Copying is just as much dependency, you just have to do maintenance through manual find-and-replace now.
replies(7): >>45948640 #>>45948666 #>>45948754 #>>45948756 #>>45949127 #>>45949152 #>>45949481 #
jamietanna ◴[16 Nov 25 21:37 UTC] No.45948640{3}[source]
Yeah it's the main thing I really dislike about this - how do you make sure you know where it's from? (ie licensing) What if there are updates you need? Are you going to maintain it forever?

For some definition of "small piece of code" that may be ok, but also sometimes this is more than folks consider

replies(1): >>45948744 #
1. skydhash ◴[16 Nov 25 21:51 UTC] No.45948744{4}[source]
Do you know that you can just add a small text file or a comment explaining that a module is vendored code. Ad updates is handled the same way as the rest of the code. And you will be “maintaining” it as long as you need to. Libraries are not “here be dragons” best left to adventurous ones.