Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Node also has a built-in server and SQLite these days though? Or if you want a lot more functionality with just one dependency, Hono is great.


And how many dependencies does Hono have? Looks like about 26. And how many dependencies do those have?

A single static zig executable isn’t the same as a a pipeline of package management dependencies susceptible to supply chain attacks and the worst bitrot we’ve had since the DOS era.


> And how many dependencies does Hono have?

Zero.

I'm guessing you're looking at the `devDependencies` in its package.json, but those are only used by the people building the project, not by people merely consuming it.


That doesn't prevent supply chain attacks. Dev dependencies are still software dependencies and add a certain level of risk.


This is needlessly pedantic unless you are writing from an OS, browser, etc. that you wrote entirely by yourself, without using an editor or linter or compiler not written by you, in which case I tip my cap to you.


Only in the sense that any other software on the developers' machines adds a certain level of risk.




Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: