Personally, I try my best to avoid bringing in dependencies as much as possible, and try to limit my exposure to only dependencies with low/shallow transitive dependency counts. Unfortunately, this is pretty hard, especially in corporate settings. What we need more of is the opposite of what we've been collectively praising: we need more monolithic packages. Case in point: lodash.template is currently vulnerable with no mitigation, even though lodash itself is not. That's just sloppy publishing practices. Esbuild is a great start over the webpack/babel maze of dependencies. There's a stdlib effort along those lines that hopefully would also help. There's a bunch of micro-frameworks that are used in production just fine and have little to no dependencies.