I always hear folks critiquing JS web development because people install way too many NPM packages and don't have any idea what their dependencies are. In part, that's because JS doesn't have a standard library.
So with #rust—which *does* have a standard library and the reputation for being more security focused—I was expecting the total number of dependencies to be a lot lower. But, at least on the crates I've tried, they've been way higher.
What's up with that?
@codesections Rust has adopted npm's culture of small packages.
I'm convinced that having general distrust of packages and reinventing wheels is not the best way to go. Tools like `crev` should help ensure that you can have many packages and they can be safe.
Very interesting. I hadn't heard about `crev`, thanks!
Fosstodon is an English speaking Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.