How To Decide What Packages to Use

Adding a dependency to a software project is hard to undo later. How can we choose dependencies wisely?


Does it fit our code base?

This should be obvious. But there’s more to it:

  • Does it disable or interfere with another package?
  • Does it also cover what we will want to do in the future?

What other dependencies does it come with?

Think about the further packages it pulls in transitively.

And about the system calls it makes.
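One way to see the transitive packages a gem brings along is to read the Gemfile.lock, which already records every resolved gem and its direct dependencies. The script below is an added example, not code from the original post; it parses the `specs:` section of a lockfile and walks the dependency graph for one gem. The lockfile fragment embedded in it is constructed for the example (the gem names are real, the versions are illustrative), and the functions `parse_lock` and `transitive_deps` are names chosen here.

```ruby
# Constructed sample Gemfile.lock fragment for the example (not a real project's lockfile).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      actionpack (7.0.4)
        activesupport (= 7.0.4)
        rack (~> 2.0, >= 2.2.0)
      activesupport (7.0.4)
        concurrent-ruby (~> 1.0, >= 1.0.2)
      bcrypt (3.1.18)
      concurrent-ruby (1.1.10)
      devise (4.8.1)
        bcrypt (~> 3.0)
        railties (>= 4.1.0)
      rack (2.2.4)
      railties (7.0.4)
        actionpack (= 7.0.4)
        rake (>= 12.2)
      rake (13.0.6)

  PLATFORMS
    ruby

  DEPENDENCIES
    devise
LOCK

# Parse the "specs:" section of a Gemfile.lock into
# { "gem" => { version: "x.y.z", deps: ["dep", ...] } }.
# Gem entries are indented by 4 spaces, their direct dependencies by 6.
def parse_lock(text)
  graph = {}
  current = nil
  in_specs = false
  text.each_line do |raw|
    line = raw.rstrip
    if line =~ /\A\S/          # a new top-level section (GEM, PLATFORMS, DEPENDENCIES, ...)
      in_specs = false
      next
    end
    if line == "  specs:"
      in_specs = true
      next
    end
    next unless in_specs
    if (m = line.match(/\A    (\S+) \((\S+)\)\z/))
      current = m[1]
      graph[current] = { version: m[2], deps: [] }
    elsif current && (m = line.match(/\A      (\S+)/))
      graph[current][:deps] << m[1]
    end
  end
  graph
end

# Breadth-first walk from one gem, collecting everything it pulls in.
# Returns a sorted list of gem names, excluding the starting gem itself.
def transitive_deps(graph, name)
  seen = {}
  queue = [name]
  until queue.empty?
    gem = queue.shift
    (graph.dig(gem, :deps) || []).each do |dep|
      next if seen[dep]
      seen[dep] = true
      queue << dep
    end
  end
  seen.keys.reject { |g| g == name }.sort
end

# Usage: ruby deps.rb [path/to/Gemfile.lock] <gem-name>
# Without arguments it runs against the constructed sample above.
if __FILE__ == $PROGRAM_NAME
  path = ARGV.find { |a| File.exist?(a) }
  text = path ? File.read(path) : SAMPLE_LOCK
  target = (ARGV - [path].compact).first || "devise"
  graph = parse_lock(text)
  deps = transitive_deps(graph, target)
  puts "#{target} pulls in #{deps.size} gems:"
  deps.each { |d| puts "  #{d} (#{graph.dig(d, :version) || 'not in lockfile'})" }
end
```

Running it against a real Gemfile.lock before and after adding a candidate gem shows exactly how much the dependency footprint grows, which is the number worth discussing in a review.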

Is it well maintained?

How many people maintain it?

Is there a company behind it?

Is it updated frequently?


Usually we look for packages that are promptly updated for the latest version of Rails.

Caveat: some packages are simply done and need no further updates.

Is it well-tested?

If the stakes are high, we should pull the code and check:

  • Can we understand it, in case we need to maintain it ourselves?
  • Can we run the tests?

Is it documented?

If there’s a good wiki on GitHub: good.

Is there a website? Even better.

How much control are we losing?

This goes back to the usual discussion about:

  • Flexibility
  • Speed / Robustness

Have there been security issues in the past?

How often have they been fixed?

This matters most for security-related packages: logins, middleware.


Till Carlos

I'm Till, a senior developer who started a software company. I explain software concepts for people in leading roles.