DEV Community

Discussion on: Don't use create-react-app: How you can set up your own reactjs boilerplate.

 
bstivers profile image
Brandon Stivers

I'm gonna be blunt and straight to the point.

Go ahead. Use CRA. Then start running things like npm audit. Then try to upgrade individual things without breaking changes. Then be met with a slew of "I CAN'T FORCE UPDATE" messages from npm audit fix --force because everything is bundled together and you're at the mercy of Facebook dev team. The VERY reason why I am here now. IDK about you, but I don't want to be in front of congress (like Zuckerberg) because of vulnerabilities Facebook (or is it meta now?) baked into their "easy button." I may be new to JS and React. But I'm not lazy.

P.S. Ever look at the GitHub issues for CRA? Go ahead. look.