Is it bad form to patch a dependency? (programming.dev)

submitted 5 days ago* (last edited 5 days ago) by staircase@programming.dev to c/programming@programming.dev

14 comments fedilink hide all child comments

My code depends on a library that makes liberal use of patching (replacing text in source code) for its own dependencies. I feel this is bad form, because, for example, that dependency may now conflict irreconcilably with another dependency of mine.

Am I right in thinking patching code is bad form?

you are viewing a single comment's thread
view the rest of the comments

[-] fruitycoder@sh.itjust.works 1 points 4 days ago

Bad form. Breaks SLSA some. Breaks some CVE tracking tools too.

If the patch introduces a vulnerabilty or breaking issue how would it be tracked?

this post was submitted on 01 Apr 2026

12 points (100.0% liked)

Programming

26399 readers

392 users here now

Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!

Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.

Hope you enjoy the instance!

Rules

Follow the programming.dev instance rules
Keep content related to programming in some way
If you're posting long videos try to add in some form of tldr for those who don't want to watch videos

Wormhole

Follow the wormhole through a path of communities !webdev@programming.dev

founded 2 years ago

MODERATORS

snowe@programming.dev

Ategon@programming.dev

UlrikHD@programming.dev

bugsmith@programming.dev

Spyro@programming.dev