Forge CMS
Forge has zero third-party dependencies in core.
Not "almost zero." Not "just a few small ones." Zero.
Most Go web frameworks pull in 15-30 transitive dependencies before you write a single line of your own code. Each one is an upgrade you didn't choose, a CVE that isn't yours but is now your problem.
Here's what zero actually means in practice. 🧵
#ForgeGo #golang #devtools
Apr 9 at 6:00amBuffer
Show threadForge CMSApr 9
Every dependency you add is a decision you didn't make.
A breaking change in someone else's v2. A security patch that lands at 11pm on a Friday. A subtle behaviour change that only surfaces in production.
The Go standard library is large, well-documented, and stable. For a web framework, it covers routing, HTTP, templates, crypto, JSON, and SQL. The question is why you'd reach for more before you need to.
Show threadForge CMSApr 9
Forge core: zero.
One opt-in: https://modernc.org/sqlite — a pure Go SQLite driver, no CGo. Swap it for PostgreSQL with one line change; the application code doesn't change.
One go get, one binary, one file to audit.
https://forge-cms.dev has been running in production since March. €3.49/month on @hetzner.
→ https://github.com/forge-cms/forge