The balancing game
Intro
Dependencies exist in multiple shapes and forms in our software; some are easy to detect while others are hidden and insidious.
Common to all dependencies is that they have a great effect on the systems we create. In this short post I'll try to make you aware of why it's crucial to manage them properly and of the damage that poor management can cause.
Where can we find them?
- In external libraries our code depends upon.
- Services that our systems use (databases, external APIs, etc.).
- The operating system, the packages it's running, its kernel version, etc.
- The hardware we deploy on, the network setup.
- People we depend upon, like developers, clients, investors and of course users.
There are many other places that dependencies creep in from; just stop and think about it for a second.
Good or bad?
Like most things in life, it depends (pun intended); any dependency can turn into a liability in the future.
It can make your code harder to change, make OS upgrades harder, or cause security issues. That said, using the right dependency can reduce the amount of work you need to do while increasing reuse and security.
Managing dependencies is a balancing game, and a delicate one at that; it takes experience and trial and error to learn which dependencies are good and which are better to avoid.
Do's and Don'ts
- Map the dependencies you have and track them under an SCM.
- Use dependency managers to manage them (create them if none exists).
- Trim dependencies once in a while; they tend to accumulate and grow like a wild plant.
- Keep dependencies up to date; postponing updates for too long can cause your system to stagnate (there are tools that track out-of-date dependencies).
- Minimize dependencies; sometimes it's better to copy and paste a single function (assuming it's self-contained) than to include an entire library.
- Don't over-minimize and re-invent things that already exist (NIH, "not invented here").
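The mapping and trimming steps above can be partly automated. The following is an added example, not code from the original post: it compares a requirements-style manifest against the imports found in the source tree and reports unpinned entries, declared-but-unused entries (trim candidates) and imported-but-undeclared modules (hidden dependencies). The manifest, the source files and the standard-library set are constructed samples, and it assumes a package's import name equals its name in the manifest, which is not always true.

```python
import ast
import re
# Constructed sample inputs (not from the original post).
MANIFEST = """\
requests==2.31.0
pyyaml>=5.0
leftpad
"""
SOURCES = {
    "app.py": "import requests\nimport json\nfrom jinja2 import Template\n",
    "util.py": "import os\nimport requests.adapters\n",
}
# Assumption: names treated as standard library for this sample.
STDLIB = {"os", "json", "sys", "re"}

def parse_manifest(text):
    """Return {name: version specifier} for each non-comment line."""
    deps = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.match(r"([A-Za-z0-9_.-]+)\s*(.*)", line)
        deps[m.group(1).lower()] = m.group(2).strip()
    return deps

def imported_modules(sources):
    """Collect top-level third-party module names imported in the sources."""
    found = set()
    for code in sources.values():
        for node in ast.walk(ast.parse(code)):
            if isinstance(node, ast.Import):
                found.update(a.name.split(".")[0] for a in node.names)
            elif isinstance(node, ast.ImportFrom) and node.module and node.level == 0:
                found.add(node.module.split(".")[0])
    return {m.lower() for m in found} - STDLIB

def audit(manifest_text, sources):
    deps = parse_manifest(manifest_text)
    used = imported_modules(sources)
    return {
        "unpinned": sorted(n for n, spec in deps.items() if not spec.startswith("==")),
        "trim_candidates": sorted(set(deps) - used),
        "undeclared": sorted(used - set(deps)),
    }

if __name__ == "__main__":
    print(audit(MANIFEST, SOURCES))
```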
Summary
Dependencies can really change the fate of a project (and a company). Once a dependency has set in, it may be really hard to detach; be cautious and aware of both the challenge and the reward that your dependencies present.
Footnotes:
- Lein Ancient and Gradle Versions are tools to track and report old dependencies.
- Gradle, Lein, Bundler and Pipfile are good examples of code dependency management tools.
- Apt, DNF and Chocolatey manage packages on a variety of OSes.
- Configuration management tools such as Puppet and Chef manage dependencies of deployed components.