The problem is that it’s not a supply chain. It’s a supply tree structure. Your ten dependencies might have ten dependencies each, which might in turn have ten dependencies each. cough cough node
The only path forward is for responsible developers to reduce external dependencies, and for each of the library maintainers to reduce external dependencies as well.
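As an added illustration of the "supply tree" point (example code, not part of the comment above), this Python script walks a constructed dependency graph and compares three numbers a maintainer cares about: direct dependencies, nodes in the fully expanded tree, and the unique packages that actually have to be vetted. The package names and edges are made up; shared packages like `util` and `fmt` appear under several parents on purpose, because that is what real lockfiles look like.

```python
from collections import deque

# Constructed dependency graph for illustration (not from any real registry).
# Each key lists its direct dependencies; shared packages such as "util" and
# "fmt" appear under several parents, as they do in real lockfiles.
DEPS = {
    "app": ["web", "auth", "log"], "web": ["http", "tpl", "util"],
    "auth": ["jwt", "crypto", "util"], "log": ["util", "fmt"],
    "http": ["url", "util"], "tpl": ["fmt"], "jwt": ["crypto", "b64"],
    "crypto": ["rand"], "util": ["fmt"], "url": ["util"],
    "fmt": [], "b64": [], "rand": [],
}

def tree_nodes(graph, pkg, path=()):
    """Count every node of the fully expanded tree: one per path that reaches it."""
    total = 0
    for dep in graph.get(pkg, []):
        if dep in path:  # cycle guard: never expand a package twice on one path
            continue
        total += 1 + tree_nodes(graph, dep, path + (dep,))
    return total

def unique_closure(graph, root):
    """Breadth-first walk: {package: shortest depth} for all packages reachable from root."""
    seen = {}
    queue = deque([(root, 0)])
    while queue:
        pkg, depth = queue.popleft()
        for dep in graph.get(pkg, []):
            if dep not in seen:
                seen[dep] = depth + 1
                queue.append((dep, depth + 1))
    return seen

def surface(graph, root):
    """Summarise what you declared vs. what the tree actually pulls in."""
    closure = unique_closure(graph, root)
    return {
        "direct": len(graph.get(root, [])),      # what's in your manifest
        "tree_nodes": tree_nodes(graph, root),   # what the naive tree view shows
        "unique": len(closure),                  # what you actually must audit
        "max_depth": max(closure.values(), default=0),
    }

if __name__ == "__main__":
    print(surface(DEPS, "app"))  # direct=3, tree_nodes=24, unique=12, max_depth=3
```

Deduplication shrinks the audit list (24 tree nodes collapse to 12 packages), but the unique set is still four times the three direct dependencies, and every one of those 12 is a party you are trusting.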