Hacker News
Don't write your own framework (stitcher.io)
6 points by brendt_gd 19 days ago | 10 comments



Since more hands work on open source projects the chances for such vulnerabilities are minimized, but not eliminated. Despite that, more secure is better than less secure. There are some dangers to using OS as well though. Once a vulnerability is found, it is only a matter of execution and our own sites' security can be compromised. The idea should be to know our tools as much as we can.

Great article!

I've been thinking about this a lot lately; sometimes I get tired of all the frameworks and tools that are available. I just want to build things. That is why I decided to make a side project with purely PHP and jQuery (yes, jQuery :). I am familiar with Vue.js and React, but lately I notice that I am making less progress with frameworks such as Nuxt.js and Next.js. At the end of the day, you just want to get things done.

And there are quite a few examples of successful projects that don't use frameworks. Like e.g. nomadlist by @levelsio. They develop new features so quickly that I start to doubt frameworks more and more.

Don't get me wrong, I think for many projects frameworks are useful, but if you want to get a lot done and you don't want to focus too much on the techniques, I have doubts about your statement.


Thanks for sharing. But out of all frameworks out there for NodeJS, none could meet my requirement. None are easy to adapt. Hence I did make a small framework https://www.npmjs.com/package/@jaydadarkar/nitromvc inspired by Laravel.

I have mixed feelings about this. Big projects, while definitely having more capacity (engineering efforts, documentation, etc) than your local team, also have bugs. And sometimes serious ones. Plus, more often than not, those bugs are exploited via automated tools. Having a good custom framework will often be immune to these "low-hanging-fruit" scannings.

During my career, I've developed custom frameworks (way more than I wished for - at least 4), and they all came out of specific necessities - stuff existing frameworks either lack, or catered to the lowest common denominator that wouldn't fit the desired approach. Most of them started on top of existing frameworks, extending over time, up to a point where they basically replaced most or all functionality from the base framework. They weren't perfect, they had bugs, of course - but often worked quite better than the code they replaced.

The one thing I learned while doing this is that it works well - you start from a familiar, robust system, and focus your effort on what you need to improve on your specific scope (e.g. module initialization, event handling, database extensions, templating, etc.) over time and as needed and to cater to your needs, but using a holistic approach - design for the big picture, implement for a specific case that can be extended. However, there are some pitfalls with this approach to take into account - integration with the base framework should be well thought out, and clearly defined in a way to reduce coupling and avoid the situation where you have to maintain your own dogfood as well as the integration with someone else's dogfood. This often isn't easy, and requires a bit of planning, but it can be done.


Such issues can appear everywhere. But if such a bug is found in a widespread framework or CMS, zero-days will be exploited immediately by automated scanners (Drupal, Joomla and WordPress had some in their history). So, protection through obscurity is some kind of protection too.


This is a very difficult approach in our industry, as we face the challenge of "not invented here", "I do not need all that complexity" (which actually ends up happening), and "this is just a quick project" (are they ever?), as many organizations build their own tools.

I personally spend lots of time looking for pre-built solutions, it's almost fanatical, after being burnt by my own home-grown inventions (at the time).


It's too late, I built my own PHP framework inspired by Angular and built another for APIs (Clean Architecture) inspired by dotnetCore Web API -> https://packagist.org/packages/spatial/spatial. The routing works like this: https://packagist.org/packages/spatial/route. I am just waiting for PHP 8's Attribute to implement in the routing. I now use Angular with my Spatial Framework with Doctrine & Guzzle HTTP PSR.


I (solo developer) currently have 10 apps/APIs as a single project and the routing was killing me, so I decided to create a route template to easily access the controllers. I personally encourage devs to write a framework just for learning. I discovered the Reflection class because of that.


The same could have happened with any ready-made framework. You'd still have to manually update 200 sites... :)

And even worse, a known vulnerability on a popular framework could have hit you harder.


Does the same hold true for home-grown CMS?


