Hacker News

Nonsense.

This might have been true back in the day before security issues were a thing, but it no longer holds true.

Particularly the case in public web apps.

If someone isn’t maintaining it, don’t use it.

(Obviously it depends; for a test framework, clearly not true, but for example for the “LEGO block” you pick for auth, or say, XML parsing... yes, it matters; the point here is specifically that the “take what you want” approach to a web framework results in scattered maintenance models for different components, and that is categorically bad for long term maintenance of a web app)



Gibberish.

If there is no activity on the repo it doesn't mean that someone is not maintaining it.

Oh, like framework developers always know which LEGO block to include in their framework. Like Rails had no vulnerabilities in the past.

> If someone isn’t maintaining it, don’t use it.

Well, good luck with not using 3/4 (or even more) of software in existence. I bet the kernel that is running on your laptop depends on the software that hasn't been updated for 30 years.



