Developers Reduce Supply Chain Risks By Avoiding Unnecessary Dependencies
Users endorse advice to avoid unnecessary dependencies as the most secure way to reduce supply chain risks, calling it solid and expanding on its benefits.

@yacineMTB

@yacineMTB This one simple trick maintainers hate.
stop using shitty dependencies that you don't need
@csharpfritz The question is how to mitigate all the current supply chain threats

@yacineMTB simple, i ask my LLM to re-write pandas every day

@yacineMTB Avoid supply chain attacks with the following trick: don’t build anything

@yacineMTB Avoid supply chain attacks by becoming a goose farmer

@yacineMTB every time you import an angel loses its wings

@yacineMTB what do you do for the 0-days then?

@yacineMTB The real difficulty is convincing people how broad “unnecessary” really is
Please god do not just build off of the goddamn Ubuntu base images because you didn’t want to take thirty seconds to have Claude make it work on alpine for you
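The point about how broad "unnecessary" really is becomes concrete once you count what a single direct dependency drags in. The script below is an added example, not code from anyone in this thread: it parses an npm lockfile (v2/v3 `packages` map), resolves each direct dependency to its full transitive closure using the same nearest-`node_modules` lookup that Node's `require()` uses, and reports how many installed entries each one is really responsible for. The lockfile contents and package names (`left-pad-ish`, `colorful`, `ansi-ish`) are constructed for the example.

```python
"""Count what a project really pulls in, per direct dependency, from package-lock.json.

Added example (not from the thread above). Reads an npm lockfile (lockfileVersion 2/3,
"packages" map keyed by install path) and computes, for each direct dependency,
the set of lockfile entries it transitively requires.
"""
import json
from collections import deque

# Constructed sample lockfile, not a real project. Note the two versions of
# "semver": one hoisted to the top level, one nested under "colorful".
SAMPLE_LOCK = json.dumps({
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"dependencies": {"left-pad-ish": "^1.0.0", "colorful": "^2.0.0"}},
        "node_modules/left-pad-ish": {"version": "1.0.0"},
        "node_modules/colorful": {"version": "2.0.0",
                                  "dependencies": {"ansi-ish": "^1", "semver": "^7"}},
        "node_modules/ansi-ish": {"version": "1.0.0",
                                  "dependencies": {"semver": "^5"}},
        "node_modules/semver": {"version": "5.7.0"},
        "node_modules/colorful/node_modules/semver": {"version": "7.5.0"},
    },
})
PACKAGES = json.loads(SAMPLE_LOCK)["packages"]


def resolve(packages, from_path, dep_name):
    """Return the lockfile key that `dep_name` resolves to when required from the
    package installed at `from_path` (the nearest node_modules wins, then walk up).
    Returns None if the dependency is not installed (e.g. an unmet optional dep)."""
    base = from_path
    while True:
        candidate = f"{base}/node_modules/{dep_name}" if base else f"node_modules/{dep_name}"
        if candidate in packages:
            return candidate
        if not base:
            return None
        # Drop the last "/node_modules/<name>" segment and retry one level up.
        idx = base.rfind("/node_modules/")
        base = base[:idx] if idx != -1 else ""


def transitive_closure(packages, direct_name):
    """Breadth-first walk of runtime 'dependencies' starting at a direct dependency.
    The `seen` set also terminates dependency cycles."""
    root = resolve(packages, "", direct_name)
    if root is None:
        raise KeyError(f"{direct_name} is not installed according to the lockfile")
    seen = {root}
    queue = deque([root])
    while queue:
        path = queue.popleft()
        for dep in packages[path].get("dependencies", {}):
            target = resolve(packages, path, dep)
            if target is not None and target not in seen:
                seen.add(target)
                queue.append(target)
    return sorted(seen)


def audit(lock_text):
    """Map each direct dependency of the root package to its install footprint."""
    packages = json.loads(lock_text)["packages"]
    report = {}
    for name in packages[""].get("dependencies", {}):
        closure = transitive_closure(packages, name)
        report[name] = {"installs": len(closure), "entries": closure}
    return report


if __name__ == "__main__":
    # Run against the constructed lockfile; swap SAMPLE_LOCK for open("package-lock.json").read()
    for name, info in sorted(audit(SAMPLE_LOCK).items(), key=lambda kv: -kv[1]["installs"]):
        print(f"{name}: {info['installs']} installed entries")
        for entry in info["entries"]:
            print(f"    {entry}")
```

Sorting the report by footprint puts the expensive "conveniences" at the top, which is the list to review when deciding what is actually unnecessary; a dependency whose closure is a single entry is cheap to keep, while one that brings in dozens of packages (and duplicate versions of the same library) is where the supply chain exposure concentrates.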

@yacineMTB smh you just made my career obsolete

@djcows @yacineMTB bear in mind, if your LLM is rewriting pandas every day, you’re not avoiding dependencies, you’re just getting dangerously close to polars

@yacineMTB everybody should be vendoring a LOT more (or simply reimplementing)
make durable software

@yacineMTB honestly that's solid advice

@yacineMTB The last week has shown there is already a very high level of dependence.

@yacineMTB Vibe code the entire supply chain from scratch

@yacineMTB it helps to read all the code that you use also

@yacineMTB Just remove node_modules from .gitignore

@yacineMTB With AI it's easier than ever to just write your own version of packages commonly imported

@yacineMTB Or use native golang

@yacineMTB Hackers hate it when u know this one trick: