We desperately need to teach people when a 3rd party dependency is necessary and not just optional to save writing a single function (cough left pad cough).
Also when the dependency is really good but other considerations override it being a viable option like security or code ownership.
How we all didn’t collectively learn our lesson from left pad baffles me.
Yeah, the problem is the balance. In-house code sucks. Nobody outside the team tests your code. Self-developed code is not battle hardened. You can only use the skills available in your team and especially for specialist topics like databases, security or cryptography having in-house expertise is rare and expensive.
Using external dependencies sucks. You are dependent on externally developed code and on someone else’s skills, quality controls and trustworthiness, and you usually don’t have time or ability to really verify any of that. Even a good dependency can get stuck in some kind of development hell (like e.g. OkHTTPClient) and not deliver updates for years, and supply-chain attacks are a constant threat.
In the end both options suck for different reasons and it really depends on the scenario where one or the other is useful. Leftpad is an extreme example, but most options are less obvious.
Well said. I find I have a hard time with trying to get devs who cut their teeth on Node to take a moment and think before just reaching for a dependency. A dependency might be the right move but taking a moment to consider is a bare minimum and most people don’t do that.
I’m trying to keep my panic over how that behavior translates to AI code in check but it’s a struggle given human behavior time and time again.
Ah, the ever-elusive, mysterious stage in my process - the one I can’t ever seem to move much before the “planning” and at least “beginning to implement” stages, and sometimes stubbornly comes even later than that.
Where’s
Yeah, other idiots.
It’s a double-edged sword and understanding when to re-use and when to re-implement is an art that goes wrong more often than right.
Got caught in that trap at my first coding job. Made a sort formula and a sr dev asked why I didn’t just use the array.sort.
My answer: I didn’t know it was there.