Dependencies are dangerous
Update: 2024-07-03
Description
Dependencies! We need them, but how do we use them effectively and safely? In this week’s episode Kris is joined by Ian and Johnny to discuss the polyfill.io supply chain attack, the history of dependency management and usage in Go, and the Go Proverb that “a little copying is better than a little dependency”. Of course, we wrap up the episode with some Unpopular Opinions!
Changelog++ members save 5 minutes on this episode because they made the ads disappear. Join today!
Sponsors:
- Speakeasy – Production-ready, Enterprise-resilient, best-in-class SDKs crafted in minutes. Speakeasy takes care of the entire SDK workflow to save you significant time, delivering SDKs to your customers in minutes with just a few clicks! Create your first SDK for free!
Featuring:
- Kris Brandow – Twitter, GitHub
- Johnny Boursiquot – Twitter, GitHub, Website
- Ian Lopshire – Twitter, GitHub
Show Notes:
- Polyfill.io supply chain attack hits 100,000+ websites — all you need to know
- How Go Mitigates Supply Chain Attacks
- Go Proverbs
- A little copying is better than a little dependency
Something missing or broken? PRs welcome!
Comments
Top Podcasts
The Best New Comedy Podcast Right Now – June 2024The Best News Podcast Right Now – June 2024The Best New Business Podcast Right Now – June 2024The Best New Sports Podcast Right Now – June 2024The Best New True Crime Podcast Right Now – June 2024The Best New Joe Rogan Experience Podcast Right Now – June 20The Best New Dan Bongino Show Podcast Right Now – June 20The Best New Mark Levin Podcast – June 2024
In Channel