Adding a dependency to a software project is hard to revert in the future. How can we choose them wisely?
This should be obvious. But there’s more to it:
- Does it disable or interfere with another package?
- Will it still do what we need in the future?
Think about: the further packages it pulls in (transitive dependencies).
And: the system calls it makes.
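As an added example (not part of these notes), a Ruby script that reads a Gemfile.lock and lists every further gem a candidate pulls in transitively, so the "further packages" question can be answered from the lock file before the gem is adopted. The lock excerpt and the function names are constructed for this example.

```ruby
# Constructed Gemfile.lock excerpt used as sample input (not from a real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    specs:
      actionpack (7.0.4)
        activesupport (= 7.0.4)
        rack (~> 2.0, >= 2.2.0)
      activesupport (7.0.4)
        concurrent-ruby (~> 1.0, >= 1.0.2)
      concurrent-ruby (1.2.2)
      devise (4.9.0)
        railties (>= 4.1.0)
        warden (~> 1.2.3)
      rack (2.2.6)
      railties (7.0.4)
        actionpack (= 7.0.4)
      warden (1.2.9)
        rack (>= 2.0.9)

  DEPENDENCIES
    devise (~> 4.9)
LOCK

# Parse the specs: section into { gem => { version:, deps: [dep names] } }.
def parse_lock_specs(lock_text)
  specs, current, in_specs = {}, nil, false
  lock_text.each_line do |line|
    in_specs = true  if line =~ /^\s+specs:\s*$/
    in_specs = false if line =~ /^\S/        # GEM, DEPENDENCIES, ... headers
    next unless in_specs
    if line =~ /^    (\S+) \(([^)]+)\)/      # 4 spaces: a resolved gem
      current = $1
      specs[current] = { version: $2, deps: [] }
    elsif current && line =~ /^      (\S+)/ # 6 spaces: a dependency of it
      specs[current][:deps] << $1
    end
  end
  specs
end

# Everything installing `name` drags in; a nil version means the lock never resolved it.
def transitive_deps(specs, name, seen = {})
  return seen if seen.key?(name)
  seen[name] = specs.dig(name, :version)
  (specs.dig(name, :deps) || []).each { |d| transitive_deps(specs, d, seen) }
  seen
end

# The "further packages" a gem brings with it, excluding the gem itself.
def dependency_footprint(lock_text, name)
  transitive_deps(parse_lock_specs(lock_text), name).reject { |g, _| g == name }
end
```

Run `dependency_footprint(File.read("Gemfile.lock"), "some-gem")` against a real lock to see the count before reviewing; every gem in that list is one more codebase to vet.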
How many people maintain it?
Is there a company behind it?
Usually we look for packages that keep up with the latest version of Rails.
Caveat: there are packages that are done (feature-complete), so a lack of recent updates is not by itself a warning sign.
If stakes are high: we should pull the code and check:
- Can we understand it, in case we need to maintain it ourselves?
- Can we run tests?
If there’s a good wiki on GitHub: good.
Is there a website? Even better.
This goes back to the usual discussion about:
- Speed / Robustness
How often has it been fixed?
Most important for security-relevant packages: logins, middleware.