Dependencies and code are both liabilities with maintenance costs. Devs chronically underestimate the cost of both, myself included.

I don’t get it, the dependencies are either needed or not. If needed that are either pulled from a project or written. So how are dependencies evil , is the rage against feature bloat pulling in dependencies ? Then the issue is the bloat

Functionality is either needed or it isn't, but it doesn't need to come from an external dependency. When it does, it probably comes with functionality you didn't need too. And as soon as you have a compile/runtime dependency on external code, your compile/execution environment needs to always have access to third party code. So that's bloat and complexity. You also give up control. Hopefully it ends up saving a bunch of time over developing it internally.

Hopefully an upgrade to an external library doesn't end up including another dependancy that happens to include some backdoor that steals all the credit card information in your database. Or a crypto miner in frontend code. Or introduces a bug that stops people from being able to checkout. Or the money package starts calculating slightly differently than your payments provider... Etc. etc.

Or even just plain remove the API you were using in yet another redesign.

Which version of react-router are we on by now? Surely it must be done by now :-/

This topic is beaten to death in Philosophy of Software Design - I really, really do recommend it.

> I don’t get it, the dependencies are either needed or not.

Some developers' judgement about needed dependencies can be suspect though: https://news.ycombinator.com/item?id=29241943