
I build Python servers. I've replaced most of the dependencies with just standard library code.

Removed Flask for http.server
Removed requests for urllib

Removed requirements.txt
Removed pip

Life is good




I use urllib.request to avoid having a dependency in little scripts, but I can't say I think that requests is a big supply chain risk.


It may not be the requests package itself but a sub-dependency. It only has a few from looking at the repo, but something like Flask can have a lot (especially with the plugins), and that’s a mainstream and well-supported library.



