this post was submitted on 11 Oct 2023
Programming
You're not wrong. Dependencies pulled directly from other developers get very little oversight compared to a language's standard library. They introduce more opportunities for failure and increase the attack surface in your software. (The latter is at the core of the so-called supply chain attacks that have been in the news lately.)
To be fair, the problem is not unique to Node.js. Rust has it too, as does every other platform that encourages developer-to-developer library sharing.
The lesson is to be judicious with your dependencies. Look for the functionality you need in your language's standard library first, and then in the standard software archive maintained by your target OS. (Packages that are officially part of the major Linux distros, for example.) If you can't find it in either of those places, consider whether you truly need it, or whether writing a minimal implementation yourself would make sense.
In cases where you really must use some random person's library, look for one that's widely used, responsibly maintained, and ideally, small enough that you can keep track of its changes between versions. The responsibility for protecting your users is yours.
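As an added illustration of the "keep track of its changes between versions" advice (example code written for this page, not the commenter's), here is a small script that diffs two npm `package-lock.json` documents, counts the whole installed tree (direct and transitive), lists what was added, removed or bumped, and flags anything not resolved from the public npm registry. Both lockfiles are constructed sample data in the lockfileVersion 3 layout; the `diffLocks` helper is a hypothetical name.

```javascript
// Constructed sample lockfiles (lockfileVersion 3 "packages" map). In real use
// you would JSON.parse() the old and new package-lock.json from disk or git.
const OLD_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "app", version: "1.0.0", dependencies: { left: "^1.0.0" } },
    "node_modules/left": { version: "1.0.0", resolved: "https://registry.npmjs.org/left/-/left-1.0.0.tgz" },
    "node_modules/left/node_modules/pad": { version: "0.1.0", resolved: "https://registry.npmjs.org/pad/-/pad-0.1.0.tgz" },
  },
};
const NEW_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "app", version: "1.0.1", dependencies: { left: "^1.1.0" } },
    "node_modules/left": { version: "1.1.0", resolved: "https://registry.npmjs.org/left/-/left-1.1.0.tgz" },
    "node_modules/left/node_modules/pad": { version: "0.2.0", resolved: "https://registry.npmjs.org/pad/-/pad-0.2.0.tgz" },
    // A transitive package pulled straight from a git host instead of the registry.
    "node_modules/colors": { version: "1.4.1", resolved: "git+ssh://git@example.invalid/colors.git#deadbeef" },
  },
};

const REGISTRY = "https://registry.npmjs.org/";

// Index a lockfile by install path (keeps nested duplicates distinct), skipping the root "".
function indexLock(lock) {
  const out = new Map();
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === "") continue;
    out.set(path, { version: meta.version, resolved: meta.resolved || "" });
  }
  return out;
}

// Compare two lockfiles. Returns the size of the new tree plus the lists a
// reviewer actually needs to read: added, removed, version-changed and
// non-registry packages.
function diffLocks(oldLock, newLock) {
  const before = indexLock(oldLock), after = indexLock(newLock);
  const added = [], removed = [], changed = [], nonRegistry = [];
  for (const [path, meta] of after) {
    if (!before.has(path)) added.push(path);
    else if (before.get(path).version !== meta.version)
      changed.push(`${path}: ${before.get(path).version} -> ${meta.version}`);
    if (meta.resolved && !meta.resolved.startsWith(REGISTRY)) nonRegistry.push(path);
  }
  for (const path of before.keys()) if (!after.has(path)) removed.push(path);
  return { total: after.size, added, removed, changed, nonRegistry };
}

console.log(JSON.stringify(diffLocks(OLD_LOCK, NEW_LOCK), null, 2));
```

Run it against the lockfile before and after a `npm update` and the output is the review list: every line under `changed` or `added` is a package whose new code you are now shipping to your users.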