If anything, the log4j problem goes a long way to highlight that the "package hell" of node_modules isn't limited to JS apps. log4j is a problem that affects compiled apps written in a mature language. All of the usual complaints about JS apps apply (lots of dependencies, code that's not been audited, developers just adding things without proper consideration, etc), but without the usual "lol javascript isn't a real language!" undertone.
log4j is a problem that affects compiled apps written in a mature language
As a C developer, I disagree with the assertion that Java is a mature language. It's only 26 years old! (And in a practical sense even younger than that, since it has changed a lot since the early versions.)
Fully agree! The point I was trying for is that dependencies have to be managed -- something I've been blathering into the void for a decade, now, without any noticeable impact. Maybe now I'll get those juicy consulting gigs... ;)
It also shows that you have to care not only about the dependencies of your application, but also about the dependencies of applications that you use like Elasticsearch.
