How To Decide What Packages to Use

Adding a dependency to a software project is hard to revert later. How can we choose dependencies wisely?


Does it fit our code base?

This should be obvious. But there’s more to it:

  • Does it disable or interfere with another package?
  • Does it cover what we will want to do in the future?

What other dependencies does it come with?

Think about the further packages it pulls in, and the system calls it makes.
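As an added example (not from the original post), a small Ruby script that parses the specs section of a Gemfile.lock and lists every gem another gem pulls in transitively, which is the "further packages" question above made concrete; the lockfile excerpt is constructed for the demonstration.

```ruby
# Constructed, abridged Gemfile.lock excerpt used as sample input (not from a real project).
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    specs:
      actionpack (7.0.4)
        activesupport (= 7.0.4)
      activesupport (7.0.4)
        concurrent-ruby (~> 1.0, >= 1.0.2)
        i18n (>= 1.6, < 2)
      bcrypt (3.1.18)
      concurrent-ruby (1.1.10)
      devise (4.8.1)
        bcrypt (~> 3.0)
        railties (>= 4.1.0)
      i18n (1.12.0)
        concurrent-ruby (~> 1.0)
      railties (7.0.4)
        actionpack (= 7.0.4)
LOCK

# Parse every "specs:" block (GEM, GIT and PATH sections) into { name => { version:, deps: [...] } }.
def parse_lockfile(text)
  specs, current, in_specs = {}, nil, false
  text.each_line do |raw|
    line = raw.chomp
    if line.strip.empty?
      in_specs = false                        # a blank line ends a source section
    elsif line.strip == "specs:"
      in_specs = true
    elsif in_specs && (m = line.match(/\A {4}(\S+) \(([^)]+)\)\z/))
      current = m[1]                          # four-space indent: a resolved gem
      specs[current] = { version: m[2], deps: [] }
    elsif in_specs && current && (m = line.match(/\A {6}(\S+)/))
      specs[current][:deps] << m[1]           # six-space indent: a dependency of it
    end
  end
  specs
end

# Every gem reachable from `name` (excluding `name` itself), sorted; cycles are safe.
def transitive_deps(specs, name)
  seen, stack = {}, [name]
  until stack.empty?
    (specs.dig(stack.pop, :deps) || []).each do |dep|
      stack << dep unless seen[dep]
      seen[dep] = true
    end
  end
  seen.keys.sort
end
```

Run it against a real Gemfile.lock by reading the file instead of the constant; `transitive_deps(specs, "devise")` on the sample yields six gems.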

Is it well maintained?

How many people maintain it?

Is there a company behind it?

Is it updated frequently?

For example: we usually look for packages that always update to the latest version of Rails.

Caveat: some packages are simply done; a lack of recent commits does not always mean neglect.

Is it well-tested?

If the stakes are high, we should pull the code and check:

  • Can we understand it, in case we need to maintain it ourselves?
  • Can we run its tests?

Is it documented?

If there’s a good wiki on GitHub: good.

Is there a website? Even better.

How much control are we losing?

This goes back to the usual discussion about:

  • Flexibility
  • Speed / Robustness

Have there been security issues in the past?

How often has it been fixed?

This matters most for security-critical packages: logins, middleware.


Till Carlos

I'm Till, a senior developer who started a software company. I explain software concepts for people in leading roles.