HACKER Q&A
📣 tomalaci

How do you evaluate external dependencies?


Whenever I need to pull in an external / third-party dependency I tend to evaluate following things, in order of priority:

1. License

2. How active is it (last commit, amount of em, etc.)

3. How many owners and contributors does it have

4. How deep is the dependency tree of the... dependency

5. Community support

It would be nice to know what other criteria there is used by others. How do you decide which dependency to pull in? How do you decide the threshold of when you should roll your own implementation vs pulling in an external dep?
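As an added example (not part of the original post), here is a Python script that applies the criteria listed above to a dependency and to everything it transitively pulls in, since the question's item 4 and the answers below both come down to recursing the same checks. The package metadata and the thresholds (license allowlist, 365-day staleness, minimum owners/contributors, maximum depth) are constructed assumptions to be tuned per project.

```python
from datetime import date
# Constructed sample metadata (not real packages), shaped like registry/VCS API output.
CATALOG = {
    "webfoo":   {"license": "MIT", "last_commit": date(2023, 11, 2),
                 "owners": 3, "contributors": 14, "deps": ["parseq", "tinylog"]},
    "parseq":   {"license": "Apache-2.0", "last_commit": date(2023, 6, 10),
                 "owners": 1, "contributors": 4, "deps": ["tinylog"]},
    "tinylog":  {"license": "MIT", "last_commit": date(2019, 1, 5),
                 "owners": 1, "contributors": 1, "deps": []},
    "leftover": {"license": "SSPL-1.0", "last_commit": date(2024, 3, 1),
                 "owners": 1, "contributors": 2, "deps": ["webfoo"]},
}
ALLOWED_LICENSES = {"MIT", "Apache-2.0", "BSD-2-Clause", "BSD-3-Clause", "ISC"}
TODAY = date(2024, 4, 1)  # constructed "today" so the run is reproducible

def dep_depth(name, catalog, path=()):
    """Longest dependency chain below `name` (leaf = 0); `path` breaks cycles."""
    if name in path:
        return 0
    deps = catalog[name]["deps"]
    return 0 if not deps else 1 + max(dep_depth(d, catalog, path + (name,)) for d in deps)

def closure(name, catalog):
    """`name` plus everything it transitively pulls in (cycle-safe)."""
    out, stack = [], [name]
    while stack:
        n = stack.pop()
        if n not in out:
            out.append(n)
            stack.extend(catalog[n]["deps"])
    return out

def evaluate(name, catalog, today, stale_days=365, max_depth=2):
    """Check `name` and every transitive dep; returns findings (empty = all passed)."""
    findings = []
    for n in closure(name, catalog):
        p = catalog[n]
        if p["license"] not in ALLOWED_LICENSES:
            findings.append(f"{n}: license {p['license']} not on allowlist")
        if (today - p["last_commit"]).days > stale_days:
            findings.append(f"{n}: no commit in {stale_days} days")
        if p["owners"] < 2:
            findings.append(f"{n}: single owner")
        if p["contributors"] < 3:
            findings.append(f"{n}: fewer than 3 contributors")
    depth = dep_depth(name, catalog)
    if depth > max_depth:
        findings.append(f"{name}: dependency tree depth {depth} exceeds {max_depth}")
    return findings
```

Running `evaluate("leftover", CATALOG, TODAY)` flags the unapproved license and the abandoned single-owner `tinylog` three levels down, which a top-level-only check would miss.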


  👤 acemarke Accepted Answer ✓
I wrote a post a while back with a list of 30-some criteria I could think of, and linked to several other useful lists:

- https://blog.isquaredsoftware.com/2020/09/coding-career-advi...


👤 ggm
How big is the issues list and if the author is responsive. This doesn't have to mean a huge list of issues is a problem, it's contextual. It's just not a good sign, where contrariwise, a stable v1.2 with no issues and no update might just be perfect code.

You're on the money with recursing the question.


👤 pestatije
How popular it is...is it the default go-to lib or some other