this post was submitted on 02 Feb 2026
Technology
Eh. I never considered myself some hard-core old professional, but:
If an LLM introduces a dependency, I will sure as hell go see it myself. Enough people do not do that for this to become a problem?
There's a term called "dependency hell". Sure, this one dependency is fine, but it depends on 3 other libraries, those 3 depend on a sum of 7 others, etc...
https://xkcd.com/1579/
Nah, dependency hell is when two things you want to use depend on the same thing, but different versions. The depth of dependencies needed to make "this one thing" work may or may not be a problem.
It's exacerbated by "oh this library is updated for no reason than its version is newer so we need to force that bleeding edge on any ecosystem we're in" thinking.
We've absolutely lost the careful, measured long-term release and maintenance cadence that we built the Internet on.
Compare Systemd.
The worst dependency hell is when a library has a strict version dependency, and another library uses that same dependency. When the second library updates their minimum version of the dependency to one that is higher than the exact version needed for the first, THAT'S dependency hell.
This wouldn't be a problem if libraries didn't frequently make breaking changes to their API.
"Move fast and break things" is for startups with no userbase, not libraries with millions of users.
There are times when things need to be broken. But I also definitely understand your angle.
ever heard of node.js?
Heard, not used though. Jokes about isEven(tm) too, but I never thought it goes like this in anything intended for external use
There's at least one guy I know of on GitHub whose claim to fame is he finds code in existing Node codebases by big corpos that's duplicated, breaks it out into a library, then PRs the original codebase with "instead of doing it manually, switch to depending on this library", then adds to his profile "my code is used by ". He had thousands of libraries like that last I checked, most of them less than ten lines of code. The manifest and other boilerplate is way larger than the actual code.
Damn. isEven come alive. But hilarious enough to watch someone do it :)
Your node_modules directory can get so bloated that the community came up with different package managers just for deduplication! pnpm, for example, makes one global-adjacent cache, and then just symlinks the dependencies as needed. This is because the regular npm doesn't, because what if the package changed in the 20ms since I downloaded it for nuxt? (Sorry Nuxt users, had to pick a name)
Given an example from another reply... yeah. Things are fucked.
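To make the two points above concrete (nested copies of the same package, and the same package at two versions), here is an added example that is not from the thread or from npm/pnpm: it models an npm-style nested node_modules tree with constructed package names and sizes, measures how many bytes are duplicate copies of one name@version (what a one-copy-per-version store plus symlinks collapses), and flags names installed at more than one version.

```javascript
// Added example, not code from the thread or from any package manager.
// Constructed install tree: each entry is { version, size, node_modules? }.
// Package names, versions and sizes are made up for illustration.
const installTree = {
  name: "app", version: "1.0.0", size: 4_000,
  node_modules: {
    "framework-x": { version: "3.0.0", size: 900_000,
      node_modules: { "shared-util": { version: "4.17.21", size: 1_400_000 } } },
    "plugin-a": { version: "2.1.0", size: 20_000,
      node_modules: { "shared-util": { version: "4.17.21", size: 1_400_000 } } },
    "plugin-b": { version: "0.9.0", size: 15_000,
      // Strict pin on an older major: the conflicting-version case from the thread.
      node_modules: { "shared-util": { version: "3.10.1", size: 1_200_000 } } },
    "shared-util": { version: "4.17.21", size: 1_400_000 },
  },
};

// Depth-first walk yielding every installed package instance with its path.
function* walk(node, path = []) {
  for (const [name, pkg] of Object.entries(node.node_modules ?? {})) {
    const here = [...path, name];
    yield { name, version: pkg.version, size: pkg.size,
            path: here.join("/node_modules/") };
    yield* walk(pkg, here);
  }
}

// Bytes on disk with one copy per instance (nested layout) versus one copy per
// distinct name@version (content-addressed store), plus multi-version names.
function installFootprint(tree) {
  let nested = 0;
  const perVersion = new Map();   // "name@version" -> size
  const versions = new Map();     // name -> Set of versions seen
  for (const p of walk(tree)) {
    nested += p.size;
    perVersion.set(`${p.name}@${p.version}`, p.size);
    if (!versions.has(p.name)) versions.set(p.name, new Set());
    versions.get(p.name).add(p.version);
  }
  const deduped = [...perVersion.values()].reduce((a, b) => a + b, 0);
  const conflicts = [...versions].filter(([, v]) => v.size > 1).map(([n]) => n);
  return { nested, deduped, conflicts };
}

const report = installFootprint(installTree);
console.log(`nested: ${report.nested} B, deduped: ${report.deduped} B, ` +
            `saved: ${report.nested - report.deduped} B, ` +
            `multi-version: ${report.conflicts.join(", ")}`);
```

Deduplication removes the repeated shared-util@4.17.21 copies but cannot remove shared-util@3.10.1, which is the case only a version-range change in plugin-b would fix.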