This page shows the source for this entry, with WebCore formatting language tags and attributes highlighted.
Title
How to evaluate dependencies
Description
As software developers, we are constantly making the decision between <i>make</i> or <i>buy</i>.
Deciding to <i>make</i> something carries with it the obligation to design, develop, test, document, and support it. You'll have everything under your control, but you'll also have to do everything yourself.
If a component is not part of your project's <i>core functionality</i>, then it's often a good idea to look around and see if you can find someone who's already built that functionality. Optimally, the component you find will be free and open-source and will have been built by a team whose aim was to provide exactly that functionality.
Because they've focused on <i>their</i> task, it's more likely to be a robust solution to your problem that what you would write yourself (focused, as you hopefully are, on <i>your</i> task). Their solution might go a bit too far (see "Size/Focus"), but that might be fine too (see "Extensibility").
<i>Is</i> the component good, though? What do we mean by "good"? How can we tell? How do we go about sizing up a dependency?
<h>Facets</h>
The following table outlines various facets to consider.
<h>Legal</h>
<dl dt_class="field">
License
See the <a href="https://utch.usternet.com/departments/RD/Global%20Software/Forms/AllItems.aspx?RootFolder=%2fdepartments%2fRD%2fGlobal%20Software%2fOSSPolicy&FolderCTID=0x0120007BCBD1FD5E6DF149A35D12376C7C922E">Uster OSSPolicy</a> for compliance information
Cost
Free? One-time fee? Per-seat license?
</dl>
<h>Organizational</h>
<dl dt_class="field">
Maturity
How long has the product been around?
Activity
When was the last commit? The last release?
Maintenance Status
Is the project actively maintained? How long is the issue list? Are bugs addressed?
Popularity
How many stars? Is it widely used?
Community
Do questions get answered? Is there help on StackOverflow?
Reputation
Are there known issues with the product or maintainers?
</dl>
<h>Technical</h>
<dl dt_class="field">
Documentation
Is it sufficient? Are there good examples or tutorials?
Configuration
Can you just include the package? How is the configuration? Does it follow platform standards?
Size / Focus
Does it do one thing well? Or many other things you don't need?
Extensibility
How easy is it to extend the package for additional use cases? Will that matter to your project?
Efficiency / Performance
For this you have to know your non-functional requirement
Portability
Does it work on all target platforms and run-times? Are there unreasonable restrictions?
Transitive Dependencies
What are its dependencies? Are those reasonable?
Quality
What sort of impression does the project make overall? How does the code look?
</dl>
<h>References</h>
<ul>
<a href="https://www.justinhoward.org/a-dependency-checklist" author="Justin Howard" date="April 2021">A Dependency Checklist</a>
<a href="https://betterprogramming.pub/how-to-choose-the-right-dependencies-for-your-project-310cdbbcb05e#2e34" author="Jamie Bullock" date="January 2020">How to Choose the Right Dependencies for Your Project</a>
</ul>