Third party dependencies
May 12, 2022 • 00:53:20
Shoutout to Jason Zurita for his article https://jasonzurita.com/the-hidden-cost-of-dependencies/
- What are third party dependencies?
- Explain the distinction between:
- 1st party, for iOS devs, anything in the iOS SDK.
- 2nd party dependencies, integrations from a service provider you rely on. (You could call this a subset of 3rd party dependencies you really cannot do without.)
- 3rd party, stuff you integrate because it saves you time or is convenient
- Risks with 3rd party code
- Complexity (thank you Jason)
- Managing versions
- Try updating a dependency in a Node.js codebase.
- Build times, more code == more waiting
- 3rd party code problems are often now your problems
- OSS frameworks only have a guarantee until the door
- 3rd party code often intertwines deeply with your implementation if you are not very careful
- Realm or other data serialization libs are a great example
- Security
- You choose to adopt all this third party code including all its warts, problems, issues and hidden problems.
- Enterprises often require a 100 percent review of any third party code. There is a reason big corps at some point try to lose as many dependencies as they can.
- Third party dependent developer syndrome (this is a fun one)
- Not invented here syndrome should also be avoided though
- How to find third party dependencies
- CocoaPods index.
- Swift Package Index, mention we sponsor them. Only mention this once briefly
- We also sponsor Tuist
- GitHub and Google search
- Licensing and the App Store
- GPL is “difficult”
- An Apache or MIT type license is reasonable
- If you are unsure, read up a bit on licenses. https://opensource.org/licenses
- How to choose to adopt a dependency
- Just linking it won’t do
- Review the dependency and project health on GitHub.
- What quality checks does the project have in place?
- How does the support by the dev(s) look to you?
- Would you pay for this feature set if it wasn’t available for free?
- If yes, WHY ARE YOU NOT SPONSORING THIS PROJECT?
- How to deal with dependencies in the long run?
- Often you have to adopt the dependency as a whole at some point.
- Openly: Publish pull requests, maybe even become a maintainer.
- Privately: Take the source, snip out anything you do