The article discusses feedback on Rust dependencies, using the rand crate as an example of a crate with a high number of dependencies relative to actual usage. The author reflects on their experience upgrading the rand crate and highlights how its dependency tree has grown over time. While acknowledging the crate's utility, they raise concerns about what such extensive dependencies mean for performance and security, especially since rand is commonly used to generate random values such as UUIDs.
The rand crate does not appear very concerned about how many dependencies it has, raising questions about its value-to-dependency ratio.
After upgrading to the latest version of rand, I was surprised by how extensive the dependency tree had grown in just nine months.