Do you carefully consider the technical debt implications of introducing dependencies to your code before adding them to your code?

If you answered this either way, please leave feedback behind your justification in a reply to this toot.

@cadey if I'm writing code I'm expecting people to be using for years and years, I sure wouldn't pull in some hack library made in a rush and uploaded for GitHub points

perhaps a bit salty but being honest 

@cadey I don't think that I CAN do so

What does it mean to consider it?
Things I write myself might not be maintained much
Things I import might never get updated
Projects these days aren't often from big reliable organizations and the "just grab a package" attitude + "batteries NOT included" way of thinking has led to fractured features, accidental library lock-in, and word-of-mouth programming

It's honestly an impossible nightmare for me

@cadey I add as few dependencies as possible, and when I do I carefully inspect the dependency itself, the implication and behaviour of its maintainer(s).

@cadey If there's a dependency, it'll cause me problems, so I try to minimise the number of dependencies.

If I'm considering a dependency that brings in a thousand others? I'll generally re-consider.

@cadey No, alas, as I'm usually hyper-focused on delivering new/any functionality in my personal projects/line of work.

@cadey I've been bitten too many times by additional considerations when it comes to updating. Upgrading dependencies can be troublesome, especially when coupled with upgrades to the runtime or stdlib forcing lock-step major-version changes of those dependencies.

@cadey i've been burned too much by code that falls out of maintenance or is only a 90% fit for what i want

i'd rather do less in a way i'm happy with than do more and be miserable about it

@cadey with single purpose dependencies, their technical debt is absolutely minimal, as it would be a (near) drop in replacement for that single task later.

but either way I think it's better than just reinventing wheels/just copying stuff in

@cadey Most of the time, the teams I work on are trying to do as much as possible with a small staff. Maybe I am hedging too much on the word "carefully"? We try to be conscious of the long term implications of dependencies but because of the size of the teams, it is just not realistic to bake everything from scratch.

@cadey I'd only load something that's distributed through the main repositories for the language (i.e. CPAN, composer-hub etc) and use a tagged version of the library.

So, yes I'm installing extra code so I don't have to write it, and handling it this way should mean I always have a known good version & it is unlikely to disappear overnight from the software repo.

@cadey My main free software project is #notmuch, and it's in C (with some creeping C++). The culture of dependencies is just different in C land. If nothing else, I can't rely on my users having a convenient package manager to install dependencies (apparently not all users use $YOURFAVELINUXDISTRO, who knew).

@cadey Adding a dependency means I gotta subscribe to an RSS feed (new tags in the GitHub/GitLab/Sourcehut repo) or subscribe to the project's "Announce" list if it has one. I then have to look through breaking changes and see if it added any antifeatures I should be worried about. In other words, it creates future work that will continue indefinitely.

If that's less work than doing it myself and I've decided that the maintainer is trustworthy, then I might add it.

@cadey Adding one entry to my RSS feeds tagged "Changelogs" "Dev" isn't a big deal when it can take seconds to read an update. It is a big deal if I have almost 100 feeds and dozing off for a week creates a backlog.

So I'm not afraid to add a tiny entry to the list, but I'll avoid it if I can.