
Ask HN: What do you look for when reviewing 3rd party dependencies?

https://ift.tt/uYDIkGs

As downloading and using third-party dependencies is as normal as writing code nowadays, it feels like the process of reviewing said dependencies has fallen out of fashion. Normally (or "back in the day" rather) you'd read through the code, see if it's of "maintainable" quality in case you're gonna have to fork it, see if the code quality is at least average, the author is consistent, there are good tests, and so on. But today I see people just pulling down fresh third-party dependencies just because their peers are using the same ones, or going by the number of GitHub stars to see if it's OK to use.

If you're reviewing dependencies before using them, what kind of things are you looking for? Is there something obvious that would immediately make you reject the dependency outright? If you're not, do you go by some other metrics, or even feelings, to understand whether it's OK to depend on this dependency or not?
