
Excuse me, your code is bleeding - AlienWebguy
https://medium.com/@seancannon/excuse-me-your-code-is-bleeding-5e89b2b3470f
======
gerfficiency
Putting the TLDR here because it's really good, and the minimum that one
should take from your great article:

The takeaway here is that not all third party code will jive with your app’s
intentions. Not all developers take security precautions. Not all libraries on
NPM are worthy of being a part of your application. The moment your own code
becomes the minority shareholder in the repo and you’re depending more on other
developers around the world to keep your company afloat than you are yourself,
you better make sure you have vetted the code upon which you’re depending. If
the head of dev-ops tells you you can’t use a library, trust her judgement
before resorting to Millennial cynicism.

On our own projects and experimental R&D efforts, let’s have at it and make
bleeding edge code that changes every day. In a professional environment on
code that will be used in production in E-Commerce scenarios, though, for the
sake of all that is sane in the world, let it bake. Let the community vet it
for us! We need to build sites on stacks that don’t implement breaking-changes
every week simply because the primary contributor had a stylistic change of
heart. We need to use libraries and frameworks that recognize exploits and
take extra security measures. Customers trust us with their personal
information, credit card numbers, photos and media. We owe it to them to give
a shit.

