A friend of mine has a very different solution: he codes everything by hand. He says that the time you would need to research and include a new package can instead be used to code the piece you need. And he for sure doesn't have the problems of transitive dependencies.
That's been happening to me more often too recently. I find that, for a growing number of simple problems, reinventing the wheel is faster and more efficient than importing a mature, fully-featured dependency.
Depending on the scenario, it can be perfectly fine, e.g. if you just need one or two function calls from the dependency. However, for some complex binary protocols it might be better to stick with libraries.
Embedded software already has a pretty strong culture of rarely using libraries and vendoring them if they do (for better and for worse). This kind of worm just doesn't really make sense in that kind of environment anyway.
That’s not really my point. My point is some libraries are easily replaced and others are massive, complex and need ongoing support.
By the same logic, he could avoid system dependencies by writing his own OS. But it obviously doesn’t scale.
I’m all for an anti-library ethos, as long as the pros and cons are carefully considered and wheels are only reinvented when the cost/risk ratio is right.