Pointers Gone Wild's resource offers insights, tutorials, and resources for C and C++ programmers. Readers can learn about pointer manipulation, memory management, and low-level programming techniques. With articles, tutorials, and code examples, Pointers Gone Wild provides  guidance and expertise for mastering the intricacies of pointer-based programming.

Pointers Gone Wild

A developer argues that minimizing external dependencies is more important than ever, not just to avoid breakage but as a security measure. With supply chain attacks rising in Python and npm ecosystems, and AI tools enabling automated vulnerability discovery and malicious PR injection, every unnecessary dependency expands the attack surface. The post also critiques the outdated Linux/macOS security model, advocating for sandboxing by default. The conclusion: simpler software with fewer dependencies is the most reliable defense.

Dependencies are a Liability

Thats why i run my websites on like 5-10 dependencies max, with nearly 0 production dependencies.
Additionally i try to prevent usage of a backend. Now that isn’t always possible but if i can save the data in localStorage, i will happily skip building auth and a backend.
If i don’t have your data, i cannot leak your data.

Wanting to go the dependency free / batteries included route only looks appetizing, but there’s always a good reason as to why a dependency actually exists in the first place and why also everyone uses it.
Now, if you are interested in going completely independent of anything out there, you are definitely free to do so, but if the scope you / your team / your organization is working on has grown too large, then its going to be quite difficult to build a lot of things from scratch again, and if you are an Open-Source developer, then may God bless you boi, because maintaining self-built alternatives for around even 20 crucial alternatives is going to be a monumental task in itself.
And the real pain hits you when you lack the skills that is actually needed to completely replace the dependency permanently and suppose a big attack happens that goes to sweep the entire software infrastructure all around the world, but fails miserably in everything except yours, well, then you are going to have quite a problem at that point.
Not to mention, the real solution is to actually not become self-serving but instead if possible, supporting the people who are maintaining those important dependencies. The idea is to not build walls, but to build bridges as you identify the times of need.
Open Source survives if we the people are willing to hold it so that it does to in turn hold up back when its needed the most.

Today, the more dependencies you have, the bigger the potential attack surface for supply chain attacks. It’s not only about creating an entity with node_modules that’s heavier than a black hole anymore. 😉
<img src="https://media.daily.dev/image/upload/s---1FWloiD--/f_auto/v1778591371/ugc/content_cfb33665-4a04-4c68-86bd-90661a79f659?_a=BAMAMiWQ0" alt="image.png">

A Go proverb goes like “a little copying is better than a little dependency” and this goes a long way.
The other thing is maybe don’t use JS/TS on the back end if you can avoid it (and you most likely can).

It just sums up why tanstack got the security issues.