DEV Community

Discussion on: Why You Should Care What You Npm Install

samuraiseoul profile image
Sophie The Lionhart

On this same note, I was talking with another dev the other day, that its incredible that you can't easily on sort repos by dependencies, nor easily see how many dependencies the repo's dependencies will pull in. It makes it very hard to make an informed decision about an individual module you want to include. It's very hard to tell if that lib you pulled in(or one its dependencies) will pull in the entire npm ecosystem and thus some nefarious lib.

blackcat_dev profile image
Sasa Blagojevic Author

Thanks for the reply and you are absolutely right!