
AI Summary
Game developers have long committed their dependencies to ensure build reliability. Should mainstream web and software developers follow suit to prevent supply chain failures?
- •Nathan Flurry advocates for committing all dependencies to a project repository, a standard practice in game engine development.
- •Proponents on Hacker News note that this approach ensures build reproducibility and prevents failures caused by upstream package registry outages.
- •Critics and commenters highlight that while beneficial for small to medium projects, this practice can cause repository bloat and slow down cloning for massive, dependency-heavy codebases.
Software engineer Nathan Flurry recently proposed that application developers adopt the game industry's practice of committing all external dependencies directly to version control. While standard web development relies on package managers like npm or pip to fetch code at build time, Flurry argues that localizing dependencies eliminates reliance on third-party availability. This approach prioritizes build stability and security over repository size, creating friction for teams managing massive dependency trees. Whether this shift gains traction likely depends on whether improved storage solutions outweigh the overhead costs for modern enterprise teams.
Sources
Topics
Get the story before everyone else.
1-minute briefings. Zero noise. Straight to your inbox.
Join 1,200+ readers
Discussion
No comments yet. Be the first to start the conversation!