As software developers, we are constantly making the decision between <i>make</i> or <i>buy</i>. Deciding to <i>make</i> something carries with it the obligation to design, develop, test, document, and support it. You'll have everything under your control, but you'll also have to do everything yourself. If a component is not part of your project's <i>core functionality</i>, then it's often a good idea to look around and see if you can find someone who's already built that functionality. Optimally, the component you find will be free and open-source and will have been built by a team whose aim was to provide exactly that functionality. Because they've focused on <i>their</i> task, it's more likely to be a robust solution to your problem that what you would write yourself (focused, as you hopefully are, on <i>your</i> task). Their solution might go a bit too far (see "Size/Focus"), but that might be fine too (see "Extensibility"). <i>Is</i> the component good, though? What do we mean by "good"? How can we tell? How do we go about sizing up a dependency? <h>Facets</h> The following table outlines various facets to consider. <h>Legal</h> <dl dt_class="field"> License See the <a href="https://utch.usternet.com/departments/RD/Global%20Software/Forms/AllItems.aspx?RootFolder=%2fdepartments%2fRD%2fGlobal%20Software%2fOSSPolicy&FolderCTID=0x0120007BCBD1FD5E6DF149A35D12376C7C922E">Uster OSSPolicy</a> for compliance information Cost Free? One-time fee? Per-seat license? </dl> <h>Organizational</h> <dl dt_class="field"> Maturity How long has the product been around? Activity When was the last commit? The last release? Maintenance Status Is the project actively maintained? How long is the issue list? Are bugs addressed? Popularity How many stars? Is it widely used? Community Do questions get answered? Is there help on StackOverflow? Reputation Are there known issues with the product or maintainers? </dl> <h>Technical</h> <dl dt_class="field"> Documentation Is it sufficient? Are there good examples or tutorials? Configuration Can you just include the package? How is the configuration? Does it follow platform standards? Size / Focus Does it do one thing well? Or many other things you don't need? Extensibility How easy is it to extend the package for additional use cases? Will that matter to your project? Efficiency / Performance For this you have to know your non-functional requirement Portability Does it work on all target platforms and run-times? Are there unreasonable restrictions? Transitive Dependencies What are its dependencies? Are those reasonable? Quality What sort of impression does the project make overall? How does the code look? </dl> <h>References</h> <ul> <a href="https://www.justinhoward.org/a-dependency-checklist" author="Justin Howard" date="April 2021">A Dependency Checklist</a> <a href="https://betterprogramming.pub/how-to-choose-the-right-dependencies-for-your-project-310cdbbcb05e#2e34" author="Jamie Bullock" date="January 2020">How to Choose the Right Dependencies for Your Project</a> </ul>