...explains a lot of things about the current state of the JavaScript, Python, Rust and Go ecosystems.
Here, FTFY.
IOW, having a package manager in your programming language is a boon and a curse, but more of a latter. People just add a single line to their dependency list, and pull in the literal world. As long as their code runs the way it should, nobody, I mean, nobody cares.
"...explains a lot of things about the current state of the JavaScript, Python, Rust and Go ecosystems."
The difference is that with Go or Python you can, if you decide to, do quite a lot without either pulling random stuff from the internet or making your own implementation from scratch, due to extensive standard libraries.
I find this problem much easier to talk about face-to-face - my catchphrase on th subject involves gestures:
"All we've done is trade this kind of complexity <holds hands about two feet apart, vertically> for this kind of complexity <holds hand about four feet apart horizontally>.
> People just add a single line to their dependency list, and pull in the literal world.
So do you prefer the situation in c++ where you just add one dependency, like "boost" or "Qt" and it still pulls in 15M lines of code but now it's just "one" dependency instead of 150?
No, I prefer to find and vendor in single libraries which do not come with 15M lines of code. Like Eigen.
On the other hand, you can introduce Qt modularly, so you don't have to import all of them. Same for Boost, though I don't use either.
I write Go and use Uber's zap for logging. It pulls in uncomfortable amount of code, too. Until I can find something better, I'll continue using it, but I'm not comfortable with it.
However, in C++ land, I was able to use standalone libraries like Catch or Eigen which were big, but not unwieldy, and Eigen is also as modular as Boost. So you know what you include and what you do at the end of the day.
I'm a big fan of standalone source code repositories which vendor minimum number of libraries (which I strive to develop, too). You need GCC and glibc only. Just make it, use it. "No hidden fees, no games", I may say.
Which also shows the issue with using size as the only metric.
Boost and Qt are very solid systems. They have well-deserved, excellent reputations. In order for this tool to be useful, it would need to have a “reputation score,” that relies on more than GH stars and social media buzz.
That said, I am not a fan of doing something like adding 1MB to a page load, so you can animate a button press; even if the dependency is reputable.
Sometimes, it makes more sense to reinvent the wheel, as opposed to bringing in an 18-wheeler.
Even ignoring the fact that no one forces you to add whole Qt to your project, do not compare Qt, which is a battle-tested, long-lived framework, developed and maintained for decades by the company that also provides commercial support for it, with a bucket of intermingled crap sourced from random repositories across the internet.
At least with python you can get away with an awful lot without pulling in random packages. I use python repl and scripts daily, and seldom use pip (apt repos I’m fine with)
If you code mindfully, Python stdlib can do tons and tons of things (I love logging and argparse, for example). But I have seen the other end of the spectrum, too. Somebody imported whole Pandas just to read a couple of columns from an Excel file, to create a simple URL list, and some folders.
To download the free Springer books during COVID.
I mean, ouch.
P.S.: If you like your eyes, please don't look at AI stacks.
Here, FTFY.
IOW, having a package manager in your programming language is a boon and a curse, but more of a latter. People just add a single line to their dependency list, and pull in the literal world. As long as their code runs the way it should, nobody, I mean, nobody cares.
This is a huge problem.