It's both technical and cultural.
Now, when Node came around, people wanted as much as possible to have the same libraries available on the front end, so the same obsession with size was carried over.
Ergo the micro-milli-nano-packages they make.
Now, about the technical solution to this. We have this, for well defined programming languages (read: statically typed ones, or dynamically typed ones with a clear structure).
It's a linker. Tech from the 1950s.
Link (include) just the stuff you want, "tree shake"/"remove dead code" whatever you don't.
Almost 3 decades later we're trying to undo that damage.
Fortunately the problem could become more tractable if something like SES / Endo takes off:
"Endo protects program integrity both in-process and in distributed systems. SES protects local integrity, defending an application against supply chain attacks: hacks that enter through upgrades to third-party dependencies. Endo does this by encouraging the Principle of Least Authority. ... Endo uses LavaMoat to automatically generate reviewable policies that determine what capabilities will be distributed to third party dependencies."
A library for generating fake data such as names, addresses, and phone numbers. [Moved to: https://github.com/faker-ruby/faker] (by stympy)
https://github.com/stympy/faker/ - Copyright (c) 2007-2010 Benjamin Curtis
generate massive amounts of realistic fake data in Node.js and the browser (by 9renpoto)
A cryptographically verifiable code review system for the cargo (Rust) package manager.
get colors in your node.js console
And yet it didn't have things like this:
Repository with text of DMCA takedown notices as received. GitHub does not endorse or adopt any assertion contained in the following notices. Users identified in the notices are presumed innocent until proven guilty. Additional information about our DMCA policy can be found at
I didn't remember that particular legal complication, so thanks for prompting me to look it up. It seems that his argument was that Bukkit couldn't be distributed because it contained Mojang's proprietary code, but the fact that it also contained some of his code meant that he was a copyright holder for the purposes of the DMCA.
This seems like an edge case that wasn't anticipated by the DMCA, but I can see the argument that mixing GPL code with proprietary code is creating and distributing a derivative work, in violation of the GPL. Without proprietary code being present, though, I don't think a developer can DMCA takedown their own GPL software.
 "As the Minecraft Server software is included in CraftBukkit, and the original code has not been provided or its use authorized, this is a violation of my copyright." https://github.com/github/dmca/blob/master/2014/2014-09-05-C...
Backdooring Rust crates for fun and profit
2 projects | reddit.com/r/programming | 4 May 2022
What precautions does the crates registry have against malicious supply chain attacks?
5 projects | reddit.com/r/rust | 20 Mar 2022
NVD - CVE-2022-23812 - A 9.8 critical vulnerability caused by a node library author adding code into his package which has a 1 in 4 chance of wiping the files of a system if its IP comes from Russia or Belarus
4 projects | reddit.com/r/programming | 17 Mar 2022
1 project | reddit.com/r/programming | 24 Feb 2022
Bringing include_dir Into the Modern Era
2 projects | reddit.com/r/rust | 5 Jan 2022