Here are the slides I presented at the AFUP Day Lille 2023 and the companion Pull Request on Composer:

Abstract

When you install a JavaScript library, it usually comes with hundreds of transitive dependencies, i.e. libraries that are installed as a side effect because they are essential to the operation of the library you want…
Tag: NPM
NPM dependency hell: comparison with Symfony, Laravel and API Platform
You may have noticed the recent fuss about the compromise of event-stream, a popular NPM package: event-stream is a transitive dependency of many popular JavaScript projects including Vue, Angular, Gatsby and VSCode (some of them are using a version that isn’t affected by the attack). This attack raised, again, the problem of the JS dependency…