What's your process for vetting a new open source dependency before adding it to your project?

I'm interested in language too: do you have a different process for evaluating dependencies written in JavaScript/Python/Go/Rust etc?


@simon “Small enough to read, doesn’t have too many random giant subdependencies.” Then I scan it for noob errors or common mistakes. More if I’m writing something actually security-critical (then I try to stick to stdlib). This is in re: golang.
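The “not too many giant subdependencies” check for a Go module can be made mechanical by looking at the module graph before the dependency is added. The program below is an added example, not code from either poster: it parses text in the format that `go mod graph` prints (one `parent child` pair per line), walks the graph from a candidate module, and reports how many transitive modules it pulls in and how deep the dependency chain goes. The module names in `sampleGraph` are constructed for the example; in practice you would pipe real `go mod graph` output from the candidate’s repository into `ParseModGraph`, and the `maxTransitive` budget is an assumed project policy, not anything the thread specifies.

```go
package main

import (
	"bufio"
	"fmt"
	"sort"
	"strings"
)

// sampleGraph is constructed sample text in the shape of `go mod graph`
// output ("parent child" per line). Module paths are made up for this
// example; the candidate being vetted is example.com/candidate.
const sampleGraph = `example.com/candidate github.com/a/lib@v1.2.0
example.com/candidate github.com/b/util@v0.3.1
github.com/a/lib@v1.2.0 github.com/c/big@v2.0.0
github.com/c/big@v2.0.0 golang.org/x/sys@v0.1.0
github.com/c/big@v2.0.0 github.com/d/more@v1.0.0
github.com/b/util@v0.3.1 golang.org/x/sys@v0.1.0
`

// ParseModGraph converts `go mod graph` text into an adjacency list
// keyed by parent module. Malformed lines are skipped.
func ParseModGraph(text string) map[string][]string {
	g := make(map[string][]string)
	sc := bufio.NewScanner(strings.NewReader(text))
	for sc.Scan() {
		fields := strings.Fields(sc.Text())
		if len(fields) != 2 {
			continue
		}
		g[fields[0]] = append(g[fields[0]], fields[1])
	}
	return g
}

// Transitive does a breadth-first walk from root and returns every module
// reachable from it (root excluded, sorted for stable output) together with
// the number of BFS levels, i.e. the longest dependency chain below root.
func Transitive(g map[string][]string, root string) ([]string, int) {
	seen := map[string]bool{root: true}
	var reached []string
	depth := 0
	frontier := []string{root}
	for len(frontier) > 0 {
		var next []string
		for _, m := range frontier {
			for _, child := range g[m] {
				if !seen[child] {
					seen[child] = true
					reached = append(reached, child)
					next = append(next, child)
				}
			}
		}
		if len(next) > 0 {
			depth++
		}
		frontier = next
	}
	sort.Strings(reached)
	return reached, depth
}

// WithinBudget reports whether root pulls in at most maxTransitive modules.
// The budget value is an assumed per-project policy, not a Go convention.
func WithinBudget(g map[string][]string, root string, maxTransitive int) bool {
	deps, _ := Transitive(g, root)
	return len(deps) <= maxTransitive
}

func main() {
	g := ParseModGraph(sampleGraph)
	root := "example.com/candidate"
	deps, depth := Transitive(g, root)
	fmt.Printf("%s: %d direct, %d transitive, chain depth %d\n",
		root, len(g[root]), len(deps), depth)
	for _, d := range deps {
		fmt.Println("  ", d)
	}
	fmt.Println("within budget of 4:", WithinBudget(g, root, 4))
}
```

The direct-dependency count is simply the candidate’s own adjacency list; the transitive count is what actually ends up in your build list, and a large gap between the two is the “random giant subdependency” smell the reply describes. Note that `go mod graph` lists every module version the graph references, so a module present at two versions counts twice, which is itself worth knowing during review.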
