WeSearch

Fork your dependencies

·1 min read · 0 reactions · 0 comments · 18 views
#fork#your#dependencies
Fork your dependencies
TL;DR · WeSearch summary

Mitchell Hashimoto@mitchellhFork your dependencies, trim them to only your use case, never update unless it breaks for your users. I’ve always said that updating is way riskier than latent bugs (which can be tracked and CVEs monitored). If you are updating a dependency, it’s on you to analyze every single commit in the full transitive set of dependencies.

Key facts
Original article
X (formerly Twitter)
Read full at X (formerly Twitter) →
Opening excerpt (first ~120 words) tap to expand

Mitchell Hashimoto@mitchellhFork your dependencies, trim them to only your use case, never update unless it breaks for your users. I’ve been vocal about this for 10+ years. I’ve always said that updating is way riskier than latent bugs (which can be tracked and CVEs monitored). If you are updating a dependency, it’s on you to analyze every single commit in the full transitive set of dependencies. If you dont see anything compelling, dont update! I remember at HashiCorp once in awhile an engineer would try to update a dep or replace a DIY lib with an external one and id always ask “show me the commit we need.” Dont update for the sake of it.

Excerpt limited to ~120 words for fair-use compliance. The full article is at X (formerly Twitter).

Anonymous · no account needed
Share 𝕏 Facebook Reddit LinkedIn Threads WhatsApp Bluesky Mastodon Email

Discussion

0 comments