express (common web framework) seems to have only 51 deps in lockfile
jekyll has 13
I don't disagree that lots of deps = supply chain risk
But there have always been variations between projects & kinds of projects re how many deps they pull in. Try following someone's ipython data science tutorial, it's requirements.txt for days
I think lack of a standard lib early on plus hipster functional culture made the '10s JS leaders like small monofunctional libs.
Focus on transpilation plus lack of tree-shaking in early versions of webpack may have also created an incentive for small things.
To be fair, express is a production server itself whereas werkzeug is not, so you need to add something like gunicorn or uwsgi (yeah I know nginx supports uwsgi_pass natively). click is not necessary in production though (it's only used in the dev CLI).
That said, 4 dependencies is the norm in Python land, whereas 13 dependencies is an outlier in JS land.
Edit: oops, misread, gp said express has 51 deps, not 13.
jekyll has 13
I don't disagree that lots of deps = supply chain risk
But there have always been variations between projects & kinds of projects re how many deps they pull in. Try following someone's ipython data science tutorial, it's requirements.txt for days
I think lack of a standard lib early on plus hipster functional culture made the '10s JS leaders like small monofunctional libs.
Focus on transpilation plus lack of tree-shaking in early versions of webpack may have also created an incentive for small things.