
Once a dependency turns into a security vulnerability, you can either replace it, or write your own library like I suggested. It's more cost effective and time efficient than writing your own libraries from scratch for every project.

For example, I'd rather install React Router for routing in a React app instead of writing my own routing library. I guess some people will reply "grrr React, just use static HTML bro". Okay cool.



> Once a dependency turns into a security vulnerability

How will you know if/when that happens?

Are you subscribed to the development channels of all your dependencies? Do you examine every one of their commits for security fixes?




