You should probably turn off Dependabot
Nonsense, most of these supply chain attacks are detected and have their problematic versions pulled within a few hours. Just set a cooldown period for dependabot.
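The cooldown the comment above refers to is a per-ecosystem setting in the repository's dependabot.yml (not something from the thread; this is an added example). It tells Dependabot not to propose a newly published version until it has been on the registry for a minimum number of days, so a poisoned release that gets pulled within hours never reaches a pull request. The key names below (cooldown, default-days, semver-major-days, semver-minor-days, semver-patch-days, exclude) are assumed to match GitHub's current Dependabot version-updates documentation; verify them against the docs for the ecosystems you use.

```yaml
# .github/dependabot.yml (added example, not taken from the thread)
version: 2
updates:
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "weekly"
    # Wait before offering any version published less than N days ago.
    # Malicious releases are typically yanked within hours, so a few days
    # of delay removes most of the window in which an auto-PR would pull
    # a compromised package into CI.
    cooldown:
      default-days: 7          # fallback for updates not matched below
      semver-major-days: 30    # breaking releases get the longest wait
      semver-minor-days: 14
      semver-patch-days: 7
      # Security-fix advisories should not be delayed; list packages whose
      # patches you want applied as soon as they appear (placeholder name).
      exclude:
        - "example-critical-lib"

  # Actions are a supply chain too: apply the same idea to workflow deps.
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
    cooldown:
      default-days: 7
```

Cooldown only delays version-update PRs; it does not stop a release that stays on the registry undetected for longer than the window, so pair it with lockfile pinning and review of the diff in each PR rather than auto-merge.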
Favour programming languages with a good and stable standard library.
I think the only mainstream language with a standard library that is both good and comprehensive is Go. All of the others either have smaller standard libraries (e.g. Rust) or poorly designed ones (Python).
Java, .NET and C++ have standard libraries that are much bigger and much more battle-tested than Go's.
I haven't used Java for decades and never used .net so I'll take your word for those. Absolutely not for C++ though.
Go's standard library has:
C++ has none of that. Hell, C++ only got a function to check if a string starts with a prefix a few years ago.