
Is anyone else worried about the massive amounts of bundled third-party libraries that come with each app from a security, rather than a size, perspective? What happens when such a library receives a security patch? AFAIK it's up to each developer to keep all bundled libraries up-to-date, which means that, realistically, everyone is shipping lots of vulnerable stuff and they don't even know it.

"This shirt is dry clean only, which means it's dirty."



Yes, that's exactly what it means. React has 630 dependencies, so 630-ish separate libraries and components. You might even stop updating a component since the new versions change the interface and end up breaking sections of your codebase.

The idea is that because it's all open-sourced, all the vulnerabilities will be found and patched. But more often than not you just end up missing the small notification from the maintainers telling you to update.



