Dependency minimalism (writing software that deliberately tries to have as few dependencies as practical) is a really underrated virtue imo.

Every single dependency is a risk that "something will go wrong" during someone's installation process. Installing projects with hundreds of dependencies and walking through errors can be incredibly frustrating.

yeah, first thing I check on a repo is the package.json and it hurts my eyes when I am expecting a small repo and finding tons of dependencies.. when we are managing great amounts of money.. this virtue becomes essential.. to preserve security.. too

anyway.. if the attack is in libraries like this recent web3 library attack (in solana).. it is the main library and one of the most used like viem or ethers.. (in ethereum).. we are all fckd.. (sorry on the experssion but it is what it is)