Please, do not install every shit


I am working on React app with couple of other developers. And you know it, you need this component, that functionality, etc. so you google it, install the package and the work is done. Is it ok to work like this? Do you even know what exactly you added to your project and do you really need it?

I give you an example. There were to tasks related to more or less the same functionality. I had to create a side bar that could scroll you to the correct section and then there was a button on top of one page that should scroll you to another section.

What I did

I search the internet and read how to scroll user to an element. Of course, lot of solutions uses jQuery but you can find a pure ( VanillaJS ) solution. Then you can compare those solutions and see the difference. Pure JS has 35 rows of code ( with comments ). So you copy-paste this solution -> try it -> works -> done!

When it is something more complex I add link to the source in to comment.

What the other developer did

He did pretty much the same. Search the internet, found scrolling package, installed it and tried it. It works, task done!


Now, I really do not want to write about how he used it.

componentWillMount() {
  /**This hack only for server side rendering*/
  scrollToComponent = require('react-scroll-to-component');


I want you to think about it. Is it worth it to install another package rather than write ( or copy-paste ) 35 lines of code? BTW that dependency has 2 other dependencies and they have 4 other dependencies. So maybe you think you just added 1 dependency, but in fact, you added lot of foreign code. I do not consider this to be good pattern.

What do you think about it? What is your way to do things like this?


Pavel Evstigneev 19.02.2018 16:20

It's common problem for someone who just start to program, or already have some experience but didn't learn underlying complexity.
IMO not much we can do about it: try to explain with some examples or just wait until they learn this lesson themselves. For team leaders, may be can introduce some rules like "no require inside functions" and add total number of dependencies (including child dependencies) to commit message when adding some package.

kp 19.02.2018 16:22

The developer of that library has probably put more thoughts into than the one who provided the code snippet for copy&paste. Usually a library like that has tests and some documentation. The maintainers will usually even fix bugs for free. For the copy&paste code you likely have to provide all that yourself.

Chuck 19.02.2018 16:39

A lot of developers work like this, unfortunately. They just stitch together other people's packages to get their job done quicker. It's sloppy and I don't like it. But I understand the unrealistic time constraints many people are under that necessitates this behaviour.

dos 19.02.2018 17:12

@kp: have you seen that library? It's basically a short snippet packaged on npm.

Anon 19.02.2018 17:30

I think it's really a problem with current tools, namely, current way of package management current compilers. An ideal tool, merged compiler / package manager / analyzer, would analyze the dependencies' code for the functionality that is really used in current project, and strip away the code for functionality that's never used.
With right tools, problem solved.
How this is applicable to browsers (uncontrollable client platform) is less clear; maybe we need a compiler which emits intermediary representation for clients (in our case, browser JavaScript) which it can optimize itself.
Need to hurt selves less, just need to create the tools once.

Anon 19.02.2018 17:32

this comment system is shit

Anon2 19.02.2018 22:13

yep, this comment system really is shit... I'm sure they can find a better one that's third-party but theyre too stuck with building shit themselves that's not even half as good... the irony.

juffalow 19.02.2018 22:39

Thank you for the comments. And @Anon if something is not working or you know a better way how to do it, please let me know. Write here "this comment system is shit" is really not helpful.

P. S.: I know there are good comment systems available on the internet, but I didn't want to use them now. I wanted something easy, fast and without any registration / login. And this met all my requirements.

Some dude 20.02.2018 17:51

I had an interesting discussion during a job interview once: "Why do you need a database?" Well, I thought the idea was intriguing, so we explored it. "Why not just use windows' file system to store each object as an individual file?" "You need an index, you can just write a BerkeleyDB tree straight to disk too!" "Youre going to cache this stuff anyhow, so performance isn't that big of a deal, and you've removed a major third party dependency!" I aced the interview.

Then I spent the next 7 years of my career doing maintenance on a shitty home-brewed database instead of focusing on the application that ran on top of that crappy database.

Aside from lacking exposure to new technologies and going a little stagnant, it was actually a good experience for a junior developer to have. Added some good perspective on when it is and isn't a good idea to add dependencies.

Unknown 14.05.2018 01:00

I think this is one of the most important information for me.
And i am glad reading your article. But want to remark on few
general things, The website style is perfect, the articles
is really excellent : D. Good job, cheers

Louie 07.11.2018 11:29

Search engine optimization has become the thorn from lots of on-line advertising specialists
aspect. The truth is that companies who aren't using professional online advertising agencies to assist them together
with their marketing have included local into their internet sites and marketing, which means that they are probably currently getting penalized now from the top search engines.

Add new comment