
Because your potential dependencies will require 5.x as a peer dependency, so you have to use 5.x. Because your current dependencies will fix bugs or introduce features that you need in versions that upgrade their peer dependency to 5.x, so you have to use 5.x. Because the package itself will fix certain bugs that exist in 3.x but will only fix them in 5.x, so you have to use 5.x.


You can always submit a PR upstream or just fork the dependency. Ignoring the problem or new feature works too.


At the vast majority of companies, if you said to your colleagues “just fork the dependency”, they would look at you like you must be high.


Forking JS packages is easy so I would say those engineers lack passion. Not uncommon unfortunately.


Forking JS packages and maintaining those forks is sometimes technically easy, but it is usually not institutionally easy. Your bosses who actually decide whether you have permission to create and maintain the fork have no regard for your passion when making that decision.


Ignoring security vulnerabilities tends to not work out so well. And sure, you can submit a PR. It might not get merged. Sure, you can just fork it. At that point you might as well use htmx.


I'm certain patching a package is less work than rewriting a project. You should do whatever your heart wants though.



