What's your process for vetting a new open source dependency before adding it to your project?
I'm interested in language too: do you have a different process for evaluating dependencies written in JavaScript/Python/Go/Rust etc?
@simon “small enough to read, doesn’t have too many random giant subdependencies”. then i scan it for noob errors or common mistakes. more if i’m writing something actually security-critical (then i try to stick to stdlib). this is in re: golang.
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!