logoalt Hacker News

Pannoniaetoday at 1:59 AM0 repliesview on HN

It's kind of full circle... dependency management was invented because consuming libraries or common code was hard, everyone kept reinventing the wheel and if you had some vendored code, updating it was a nightmare due to the build integration and source customisation. So people don't update much.

Proper dependency managers changed that and it became much easier to consume libraries, just declare what you went, the build framework handles the rest.

But we now have problems with consistent versioning, churn, breaking API changes and supply-chain attacks.... and looks like "just vendor everything in" might be a thing again?