DEV Community

Discussion on: Your First Deno Server in 60 Lines

purpledrgn

What's the point of having dependencies tied to each file? If I have a dependency on a state system or React, doesn't that mean I have to go through refactoring hell to change every single instance in the entire application to use the one bugfix version (hard to find, screw it up once and you have to comb 1000 files and code to find the one that's different, etc.)? I have seen many instances where I've had to roll back to a very specific version due to a particular problem with just a bugfix release. Even the recent npm 7 talk shows how you may need to roll back a bugfix release to "fix" a security flaw with a dependency -- and that's just the tip of the iceberg with dependency hell.

And speaking of security. This --allow-net feature has little to no meaning. It's clear from the code that it's just "do anything you want", only you have to put the extra burden on the user to specify it (and presumably to know to specify it if you have something that only sometimes needs network). This smells like a "we gave you the thing, if it doesn't work it's your fault #covermyass" kind of feature. In the code there's nothing that says "only this library can have access to network", so any random dependency or dependency of a dependency can have malicious code in it. It's only of small merit for 10-line scripts, but I'm sure people will just suggest running --allow-net on anything and everything out of sheer frustration with cases where it is legitimately needed and not obvious you had to put it there. For any serious application you will need net and fs for something or other (database and logging, just to name the most obvious), so it's just a flag that's always there that gives people who don't know how to make a system secure a false sense of security and safety that's not actually there. If this is what the Deno team considers security to be, I'm very skeptical about the future of the language.

All in all, this is just TypeScript, which you can already write (ts-node also exists and simplifies the process of just running TypeScript if you really want a one-liner). An inferior ecosystem and, more importantly, inferior security in said ecosystem (since at least npm is making serious efforts -- not that malicious packages are unique to JS or anything).

This project should have stayed in the oven. This 1.0.0 doesn't seem to have any redeeming qualities. Besides some potential for splitting the community apart, what exactly does it add for the JavaScript/TypeScript community?