Dev Tools · 1h ago
0deps Movement Proposes Eliminating External Dependencies for Security
The 0deps movement advocates incorporating all dependencies directly into a project's repository (vendoring) instead of fetching them through a package manager at build time. The approach aims to reduce the software supply chain attack surface by ensuring every required library is under the developer's control and review. It also emphasizes immutable public contracts, so that a library's security fixes can be taken without breaking the applications that depend on it.
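One way to enforce the "everything lives in the repository" rule mechanically is a CI check that fails when a manifest declares a dependency resolved from a registry, git host or URL rather than a local path. The script below is an added example (not code from the 0deps movement or DEV Community); the `package.json` sample, the function names and the assumption that vendored code is referenced via `file:`/`link:` or a relative path are all constructed for illustration.

```python
"""Added example: a CI-style check for a 0deps-style policy on package.json.

Flags every dependency whose version spec resolves outside the repository,
i.e. anything that is not a local "file:" / "link:" / relative path.
"""
import json
import re

# Specs that resolve inside the repository. Assumption for this example:
# vendored code is referenced as file:, link:, or a relative/absolute path.
_LOCAL = re.compile(r"^(file:|link:|\./|\.\./|/)")

# Sections of package.json that can pull code into the build.
_SECTIONS = ("dependencies", "devDependencies", "optionalDependencies")


def external_deps(manifest: dict) -> list[tuple[str, str, str]]:
    """Return (section, name, spec) for each dependency that would be
    fetched from a registry, git host or URL instead of from the repo."""
    found = []
    for section in _SECTIONS:
        for name, spec in sorted(manifest.get(section, {}).items()):
            if not _LOCAL.match(spec):
                found.append((section, name, spec))
    return found


def check_zero_deps(text: str) -> list[str]:
    """Parse package.json text; return violations (empty list == policy met)."""
    manifest = json.loads(text)
    return [f"{sec}: {name}@{spec} is not vendored"
            for sec, name, spec in external_deps(manifest)]


# Constructed sample manifest: two local entries, two external ones.
SAMPLE = json.dumps({
    "name": "demo",
    "dependencies": {
        "left-pad": "file:vendor/left-pad",
        "lodash": "^4.17.21",
        "mylib": "link:../mylib",
    },
    "devDependencies": {"eslint": "github:eslint/eslint#v9.0.0"},
})

if __name__ == "__main__":
    violations = check_zero_deps(SAMPLE)
    for line in violations:
        print(line)
    raise SystemExit(1 if violations else 0)
```

Exit status is non-zero on any violation, so the script can gate a CI job directly.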
Meridian48 take
While the idea of zero external dependencies is appealing for security, it may be impractical for large-scale projects that rely on specialized libraries, and the overhead of maintaining vendored code could outweigh the benefits for many teams.
Read the full reporting
0deps Movement: Local Dependencies, Immutable Contracts, and Security by Design →
DEV Community
software-supply-chain · dependency-management