Do .NET developers rely too much on third party libraries from NuGet?

Do we rely too much on third party libraries from NuGet?

Are we exposing our clients to risks here by taking on all these dependencies?

NuGet is both a blessing and a curse. It’s so easy to use, but we devs just pull down dependencies without thinking about it, or about how it means we’ve created a reliance on libs that are sometimes maintained by only one person, who can do what they like with them. Obviously this is very relevant in light of recent events with #moq.

I get the “we shouldn’t reinvent the wheel” thing, but sometimes we don’t need a whole wheel, we just need a hub, yet we’ll still happily download some library even though we only need 5% of its functionality.

We use Mend (formerly WhiteSource) to scan packages for vulnerabilities on demand and in our pipelines, and sometimes it can seem like a full-time job to keep everything up to date.
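A scanner tells you which packages are vulnerable, but the point made above about reliance is really about how much of the dependency surface nobody on the team chose. Below is an added example (not from the original post, and not Mend or NuGet tooling) that reads a NuGet `packages.lock.json`, the lock file `dotnet restore` writes when `RestorePackagesWithLockFile` is enabled, and reports direct versus transitive packages and how many packages each direct reference drags in. The lock-file content and package names are constructed for the example.

```python
"""Inventory NuGet dependencies from a packages.lock.json.

Added example, not code from the original post. It parses the NuGet
lock-file format (version 1) and reports how much of the dependency
surface is transitive, i.e. pulled in without any developer choosing it.
The lock-file content below is constructed; package names are invented.
"""
import json
from collections import Counter

# Constructed sample lock file: two direct packages, one of which drags in
# two transitive packages. contentHash values are placeholders.
SAMPLE_LOCK = json.dumps({
    "version": 1,
    "dependencies": {
        "net8.0": {
            "Example.Http.Client": {
                "type": "Direct",
                "requested": "[2.1.0, )",
                "resolved": "2.1.0",
                "contentHash": "placeholder==",
                "dependencies": {"Example.Json": "5.0.0", "Example.Logging": "1.3.0"},
            },
            "Example.Json": {
                "type": "Transitive", "resolved": "5.0.0", "contentHash": "placeholder==",
            },
            "Example.Logging": {
                "type": "Transitive", "resolved": "1.3.0", "contentHash": "placeholder==",
                "dependencies": {"Example.Json": "5.0.0"},
            },
            "Example.Testing": {
                "type": "Direct", "requested": "[3.0.0, )", "resolved": "3.0.0",
                "contentHash": "placeholder==",
            },
        }
    },
})


def load_packages(lock_json: str) -> dict:
    """Return {framework: {package_name: entry}} from lock-file text."""
    data = json.loads(lock_json)
    if data.get("version") != 1:
        raise ValueError(f"unsupported lock file version {data.get('version')!r}")
    return data["dependencies"]


def classify(packages: dict) -> Counter:
    """Count packages by NuGet type ('Direct' vs 'Transitive') for one framework."""
    return Counter(entry.get("type", "Unknown") for entry in packages.values())


def transitive_closure(packages: dict, root: str) -> set:
    """All packages reachable from `root` through the declared dependency edges."""
    seen, stack = set(), [root]
    while stack:
        name = stack.pop()
        for dep in packages.get(name, {}).get("dependencies", {}):
            if dep not in seen:
                seen.add(dep)
                stack.append(dep)
    return seen


def report(lock_json: str) -> dict:
    """Per framework: direct/transitive counts and, per direct package,
    how many packages it pulls in (the part of the surface it is responsible for)."""
    out = {}
    for framework, packages in load_packages(lock_json).items():
        counts = classify(packages)
        pulled_in = {
            name: len(transitive_closure(packages, name))
            for name, entry in packages.items()
            if entry.get("type") == "Direct"
        }
        out[framework] = {
            "direct": counts["Direct"],
            "transitive": counts["Transitive"],
            "pulled_in": pulled_in,
        }
    return out


if __name__ == "__main__":
    for framework, summary in report(SAMPLE_LOCK).items():
        print(f"{framework}: {summary['direct']} direct, {summary['transitive']} transitive")
        for name, count in sorted(summary["pulled_in"].items(), key=lambda kv: -kv[1]):
            print(f"  {name} pulls in {count} package(s)")
```

Run it against a real lock file by replacing `SAMPLE_LOCK` with the file's contents; the `pulled_in` numbers are a quick way to spot the "5% of its functionality" packages that bring a disproportionate tail of transitive dependencies with them.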

Personally I always try to rely on as much of the ‘out of the box’ functionality as possible. What do you think?
