Web Development

3435 readers

2 users here now

Welcome to the web development community! This is a place to post, discuss, get help about, etc. anything related to web development

What is web development?

Web development is the process of creating websites or web applications

Rules/Guidelines

Follow the programming.dev site rules
Keep content related to web development
If what you're posting relates to one of the related communities, crosspost it into there to help them grow
If youre posting an article older than two years put the year it was made in brackets after the title

Related Communities

Wormhole

[email protected]

Some webdev blogs

Not sure what to post in here? Want some web development related things to read?

Heres a couple blogs that have web development related content

https://frontendfoc.us/ - [RSS]
https://wesbos.com/blog
https://davidwalsh.name/ - [RSS]
https://www.nngroup.com/articles/
https://sia.codes/posts/ - [RSS]
https://www.smashingmagazine.com/ - [RSS]
https://www.bennadel.com/ - [RSS]
https://web.dev/ - [RSS]

Credits

Icon base by Delapouite under CC BY 3.0 with modifications to add a gradient

founded 1 year ago

MODERATORS

snowe

erlingur

Ategon

Need to know about npm (lemmy.ml)

submitted 1 month ago by [email protected] to c/webdev

11 comments fedilink hide all child comments

I'm following the odin project to learn web development. I had read about malicious packages in npm multiple times, so I avoided it until now. I'm on the webpack lesson now, and to use webpack, I need to install it using npm. I also see that it has many dependencies, and those dependencies will have other depenedencies and so on.

Why is it like this? Is there any other tool like webpack that doesn't require npm? Or rather, can someone clarify how to properly use npm or link a guide that explains it? I have this kind of fear and reluctance about using npm after all the things I read.

you are viewing a single comment's thread
view the rest of the comments

[–] Kissaki 10 points 1 month ago* (last edited 1 month ago)

You're good to keep your skepticism. If you trust them, the ones creating the tutorial to have vetted to a degree, or that a very popular package like that is vetted to a reasonable degree, you'll just go ahead with it. (Like most people do without questioning it.)

You'll need considerable experience and insight to do good, reasonable risk assessment. Without that, you can either trust and hope in others, or skip the ecosystem and look for alternative technologies.

It's also worth noting that your potential impact is considerable lower if you're only doing local test and development work, not publishing or publicly serving anything. I'm not personally familiar if or to what degree running arbitrary local commands has been limited in the npm ecosystem by now.