AppForce1 Podcast: news and information for iOS app developers

Jeroen Leenarts

  • 226 Episodes
  • English
  • Last updated Jan 20, 2022

Third party dependencies

May 12, 2022 00:53:20

Shoutout to Jason Zurita for his article https://jasonzurita.com/the-hidden-cost-of-dependencies/

  1. What are third party dependencies? 
    1. Explain the distinction between: 
      1. 1st party, for iOS devs, anything in the iOS SDK.
      2. 2nd party dependencies, integrations from a service provider you rely on. (You could call this a subset of 3rd party dependencies you really cannot do without.)
      3. 3rd party, stuff you integrate because it saves you time or it is convenient
  2. Risks with 3rd party code 
    1. Complexity (thank you Jason) 
      1. Managing versions
      2. Try updating a dependency in a Node.js codebase.
      3. Build times, more code == more waiting
      4. 3rd party code problems are often now your problems 
        1. OSS frameworks only have a guarantee until the door
      5. 3rd party code often intertwines deeply with your implementation if you are not very careful 
        1. Realm or other data serialization libs are a great example
    2. Security 
      1. You choose to adopt all this third party code including all its warts, problems, issues and hidden problems. 
        1. Enterprises often require a 100 percent review of any third party code. There is a reason big corps at some point try to lose as many dependencies as possible.
    3. Third party dependent developer syndrome (this is a fun one) 
      1. Not invented here syndrome should also be avoided though
  3. How to find third party dependencies 
    1. CocoaPods index.
    2. Swift Package Index, mention we sponsor them. Only mention this once briefly 
      1. We also sponsor Tuist
    3. GitHub and Google search
  4. Licensing and the App Store 
    1. GPL is “difficult”
    2. An Apache or MIT type license is reasonable 
      1. If you are unsure, read up a bit on licenses. https://opensource.org/licenses
  5. How to choose to adopt a dependency 
    1. "Just link it" won’t do
    2. Review the dependency and project health on GitHub. 
      1. What quality checks does the project have in place?
      2. How does the support by the dev(s) look to you?
      3. Would you pay for this feature set if it wasn’t available for free? 
        1. If yes, WHY ARE YOU NOT SPONSORING THIS PROJECT?
  6. How to deal with dependencies in the long run? 
    1. Often you have to adopt the dependency as a whole at some point. 
      1. Openly: Publish pull requests, maybe even become a maintainer.
      2. Privately: Take the source, snip out anything you do
