Package Managers: Pandora's Box of Programming?

2025-09-08

This article critically examines the downsides of package managers in programming languages. The author argues that package managers automate "dependency hell," mask project complexity, and lead to excessive trust in third-party code. Especially in languages that lack robust standard libraries, inconsistent package definitions across different managers can even lead to "package manager managers." The author advocates manual dependency management, believing it forces developers to think critically about dependencies and improves code stability and maintainability. While acknowledging the time cost, the author argues that the security and control outweigh the convenience of automation, citing Go's comprehensive standard library as an example.
