We desperately need to teach people when a 3rd party dependency is necessary and not just optional to save writing a single function (cough left pad cough).
Also when the dependency is really good but other considerations override it being a viable option like security or code ownership.
How we all didn’t collectively learn our lesson from left pad baffles me.
Yeah, the problem is the balance. In-house code sucks. Nobody outside the team tests your code. Self-developed code is not battle hardened. You can only use the skills available in your team and especially for specialist topics like databases, security or cryptography having in-house expertise is rare and expensive.
Using external dependencies sucks. You are dependent on externally developed code and on someone else's skills, quality controls and trustworthiness, and you usually don't have time or ability to really verify any of that. Even a good dependency can get stuck in some kind of development hell (like e.g. OkHTTPClient) and not deliver updates for years, and supply-chain attacks are a constant threat.
In the end both options suck for different reasons and it really depends on the scenario where one or the other is useful. Leftpad is an extreme example, but most options are less obvious.
It’s a double-edged sword and understanding when to re-use and when to re-implement is an art that goes wrong more often than right.