The fate of "small" open source

(nolanlawson.com)

295 points todsacerdoti | 1 comments | 16 Nov 25 19:21 UTC | HN request time: 0.202s | source

Show context

Aperocky ◴[16 Nov 25 20:38 UTC] No.45948201[source]▶

> the era of small, low-value libraries like blob-util is over.

Thankfully (not against blob-util specifically because I've never intentionally used it), I wouldn't completely blame llms either since languages like Go never had this dependency hell.

npm is a security nightmare not just because of npm the package manager, because the culture of the language rewards behavior such as "left-pad".

Instead of writing endless utilities for other project to re-use, write actual working things instead - that's where the value/fun is.

replies(3): >>45948291 #>>45948576 #>>45956235 #

ncruces ◴[16 Nov 25 20:52 UTC] No.45948291[source]▶

>>45948201 #

But as Go puts it:

“A little copying is better than a little dependency.”

https://go-proverbs.github.io/

replies(2): >>45948486 #>>45948539 #

threatofrain ◴[16 Nov 25 21:24 UTC] No.45948539[source]▶

>>45948291 #

Copying is just as much dependency, you just have to do maintenance through manual find-and-replace now.

replies(7): >>45948640 #>>45948666 #>>45948754 #>>45948756 #>>45949127 #>>45949152 #>>45949481 #

1. ncruces ◴[16 Nov 25 22:41 UTC] No.45949127[source]▶

>>45948539 #

Keyword: little.

Dependencies need to pull their own weight.

Shifting responsibilities is a risk that the value added needs to offset.

↑