This post is part of the Before Your Code Runs series, cataloguing the hidden, implicit code execution surfaces in programming language runtimes and toolchains. Node.js and npm sit underneath a huge chunk of the modern web. It’s the runtime that made JavaScript a “real” backend language, and npm is the largest package registry in the world. That’s a lot of trust in a lot of code. Here’s roughly what happens when Node starts:...
Disclaimer: Just a heads up, while we’re diving into ways to tackle the problem of dependency depreciation, there’s no one-size-fits-all solution here. It’s a bit of a wild ride dealing with supply chain security and those pesky deprecated dependencies, so don’t expect a quick fix! The issue of using deprecated dependencies has persisted for quite some time, and it’s gaining increased attention. Many projects continue to incorporate deprecated dependencies. I was inspired to write this blog after coming across a LinkedIn post by Rory McCune and several other posts over the past few weeks....