
Forced errors dependency (csrf issue, CLOSED)

gorilla commented on August 22, 2024
Forced errors dependency

from csrf.

Comments (4)

elithrar commented on August 22, 2024


gopherfortress commented on August 22, 2024

Hey, thanks for replying. It's not so much a problem per se, but as I said before, it forces projects (or libraries) that want to use gorilla/csrf to bring along an extra dependency, lightweight or not. I call it "extra" because it is not fundamental to gorilla/csrf as gorilla/securecookie is.

If we assume a project that depends on 10 small and good packages like gorilla/csrf and each of them brings along an extra lightweight dependency, then the project now has 20+ dependencies out of the blue.

I believe it is a good practice to keep libraries as self-contained and lean as possible, especially one as important to the ecosystem as gorilla/csrf.


elithrar commented on August 22, 2024


gopherfortress commented on August 22, 2024

There is no doubt that pkg/errors is an awesome package and pretty convenient but gorilla/csrf can easily do without it. It can't do without gorilla/securecookie though. That's the key difference.

I believe that if we do not try to minimize our dependencies we might eventually end up like other language ecosystems, where it is the norm for each library to bring along sneaky small dependencies and for the end project to accumulate dozens, or even hundreds, of dependencies. Some codebases can go as far as to copy small dependencies to keep the dependency tree at a minimum. Or to reference the Go proverb: "A little copying is better than a little dependency." This practice is even more important for libraries that can be imported by other libraries before they end up in a project.

Anyways, you made it clear that there are no plans to remove the dependency and it seems we have a different philosophy on the subject so I believe there is nothing else to discuss. Thanks for listening.

