
> People give C++ lots of hate but thanks to not having an easy way of adding complex dependencies, it has less dependency-driven bugs/security issues.

This doesn't stop people adding dependencies: most C++ software still has a complex dependency tree; it's just that most of the labour of maintaining it falls on distro maintainers (and the poor souls who need to make Windows builds) [0].

And I don't think C++ has any shortage of dependency-driven bugs or security issues. Certainly, if you asked me to pick whether I'd like to build something from npm or the average C++ project, I'd pick npm every time: I expect to need to fix on average about 2 issues every time I attempt to run a non-trivial C++ project's build, each issue taking an hour or so to locate and fix or hack around. The nature of C++ dependency management means there's more likely to be vendored dependencies which are out of date and have security issues, perhaps introduced by the dependee project as patches (and ripping out this kind of vendoring and dealing with any required patches creates even more headaches for distro maintainers, though they are also quite capable of introducing their own bugs through their own patches).

[0] https://wiki.alopex.li/LetsBeRealAboutDependencies
