
Gatsby has 19k dependencies. I don't think I can find something like that for Rust.

The largest, and not exactly admirable, I can find is reqwest that drags in 97.

Whilst 100 is a huge number... It's an enormous gap from the many thousands.




And that is not even the worst I have seen. I think the worst offenders are development tools like webpack.

I have a small project that I work on from time to time which uses 5 libraries (react, a map library and a chart library), typescript, and react-scripts (which I guess pulls in webpack and all the rest).

This is what happens when I run an npm audit (I haven't touched it for a couple of months):

> found 38934 vulnerabilities (38916 low, 18 moderate) in 906346 scanned packages

> run `npm audit fix` to fix 38620 of them.

> 314 vulnerabilities require manual review. See the full report for details.

While the real numbers are probably lower because there is a lot of duplication inside the node_modules folder, I find this ... astounding.
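An added example, not part of the comment above: one way to see how much of an installed tree is duplication is to compare installed copies against distinct `name@version` pairs in `package-lock.json`. It assumes the lockfileVersion 2/3 `packages` map; the lockfile contents and the function names are constructed for illustration.

```javascript
// Constructed sample lockfile (lockfileVersion 3 layout), not data from the thread.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/react": { version: "18.2.0" },
    "node_modules/chart-lib": { version: "2.0.0" },
    "node_modules/chart-lib/node_modules/lodash": { version: "4.17.20" },
    "node_modules/map-lib": { version: "1.3.0" },
    "node_modules/map-lib/node_modules/lodash": { version: "4.17.20" },
    "node_modules/lodash": { version: "4.17.21" },
    "node_modules/@scope/util": { version: "0.1.0" },
    "node_modules/map-lib/node_modules/@scope/util": { version: "0.1.0" },
  },
};

// Package name is everything after the last "node_modules/" in the install path,
// which keeps scoped names such as "@scope/util" intact.
function packageName(installPath) {
  const marker = "node_modules/";
  const idx = installPath.lastIndexOf(marker);
  return idx === -1 ? null : installPath.slice(idx + marker.length);
}

// Count installed copies versus distinct name@version pairs.
function duplicationReport(lock) {
  const copies = new Map(); // "name@version" -> number of installed copies
  let installed = 0;
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === "" || meta.link) continue; // skip the root project and symlinked entries
    const name = meta.name || packageName(path);
    if (!name || !meta.version) continue;
    installed += 1;
    const key = `${name}@${meta.version}`;
    copies.set(key, (copies.get(key) || 0) + 1);
  }
  const duplicated = [...copies]
    .filter(([, n]) => n > 1)
    .map(([pkg, n]) => ({ pkg, copies: n }));
  return { installed, unique: copies.size, duplicated };
}

const report = duplicationReport(sampleLock);
console.log(report);
```

Two versions of the same package (here `lodash@4.17.20` and `lodash@4.17.21`) count as distinct, since an advisory may apply to one and not the other.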


JavaScript doesn't have a standard library (something a lot of languages provide), and nodejs's built-in function library is... lacking. Also, the culture of providing small packages, being around for longer, and so on and so forth...

I have a project I haven't even started yet in Rust. Three dependencies in Cargo.toml. They download and install 34 dependencies.

I've now added three more (from kube-rs readme). It's now 197 dependencies. And so on.



