
Every time I do `npm install` I am reminded of this. Why do I need 32,127 libraries again?


Because if you "waste" a week writing something yourself, nice & lean, you'll be told you've fallen for NIH and probably YAGNI as well, and get your hand slapped. But if you introduce a 3,500-strong dependency tree that'll waste a person-month spread across the team, over a year, plus make the product perform worse and waste god-knows how many person-years for your users, to do the same thing... nobody complains as long as whatever you imported has lots of GitHub stars and (ideally) looks good on a résumé.

Repeat for several decisions and soon you have tens of thousands of deps.


I have solved this by refusing to use anything involving node or npm. We had one project kick off with that and it was a lesson in supply chain attacks within a week.





