me.vs.computer

Adding a dependency is buying blind

February 5, 2026

Surprisingly, startups sometimes get acquired without the buyer scrutinizing code quality. I find it terrifying, but there are good reasons why this happens. Code quality is hard to measure and there’s no industry standard. The buyer might also be interested in data, talent or IP and not necessarily in the codebase.

The irony is that we do this as engineers all the time. Adding a dependency is copy-pasting code into your project. I normally look at how active the project is, stars on GitHub, known vulnerabilities, and whether it solves the problem at hand. However, it’s incredibly rare for engineers to deep dive into library internals before adding a dependency.

Basically buying blind.


Written by Martin Camacho
