This is just what modern languages have out of box. (Like rust and go.) it’s a true shame that web isn’t actually unified behind a type safe language with a single solid toolchain. It’s a huge pain to manage and I’m curious how much money it’s cost the industry. “Vite+” isn’t a true solution to that. There are many competing toolchains. And no default standardized one.
I'm not very familiar with Rust, but doesn't cargo pull a lot of external dependencies for most projects? I really like how Go can do everything with just the standard library, but I wasn't aware Rust was similar. For typescript we've moved our stuff to bun. It has it's own risk management perspective compared to node, but at least it's now possible to build web services without having to rely on a bunch of external dependencies. Which in our highly regulated business would require security policies for each dependency explaining the risks, why we accept them and how we mitigate them.
Cargo itself doesn't pull the dependencies, but yes to Rust's standard library being much more lean than Go. Bring your own HTTP, text templating, and such, but core data structures are provided.
Go gives you a bunch of goodies in the standard library.
Rust provides things like your build system, testing, and package management all together, which is what I assume OP meant.
> without having to rely on a bunch of external dependencies. Which in our highly regulated business would require security policies for each dependency explaining the risks, why we accept them and how we mitigate them.
How about the dependencies Bun is pulling? How did you ever managed to pass security policies with Bun which has so many segfaults that nobody even bothers to write CVEs for them.