Discussion on: Why You Should Care What You Npm Install

Simon Goellner

Article was well written and thanks for the informative look at something important to know :)

I do take issue, though, with your assertion that installing dependencies without checking their source or GitHub history is "lazy". The world of software, especially web, development is super competitive nowadays. If a client is demanding a tighter timeline and a smaller budget... you have a choice: cut the corner and get the job, or go hungry -- because someone else will cut that corner.

I want to believe that the huge benefits and time-savings we've created are due to pressure, not laziness. Clients now demand excellent, hugely interactive, and fast experiences at the same price they've always paid. Where can you create that extra value if not at the development phase?

Sasa Blagojevic Author

Hey Simon, thanks for reading and thanks for the reply. I never said in the post that developers who don't check dependencies on GitHub are lazy; I said that developers who choose to install dependencies for even the most trivial things instead of writing a few extra lines of code are lazy. The perfect example of that is the left-pad library. :)

And I feel you, clients nowadays usually want everything for pennies done yesterday, but it is our responsibility to our industry to explain to them that they have 3 options but can only choose 2:

  • Fast
  • Cheap
  • Good Quality