In short, I think it’s become entirely too easy for people using certain programming languages to use libraries from the wide world of clowns that is the Internet. Their ecosystems make it very very easy to become reliant on this stuff. Trouble is, those libraries are frequently 💩. If something about it is broken, you might not be able to code around it, and may have to actually deal with them to get it fixed.

Repeat 100 times, and now you have a real problem brewing.

I have a simple rule: never use a dependency that you could replace with an afternoon of programming.

No dependency is so self-explanatory that you will be able to get it working with less than a few hours of:

  • Searching online to see what solutions to the problem exist.
  • Reading the docs to make sure it actually works for your problem.
  • Reading the code to make sure it’s not complete 💩.
  • Actually wiring it up in your dependency system.
  • Figuring how to tell the dependency to solve your problem.

If you spent that same amount of time writing your own tool:

  • You’ll know exactly how it works and what its shortcomings are.
  • You’ll have something that solves exactly your problem instead of a general problems, so it is certainly shorter and often faster.

Many times, the best approach is first searching online and reading the code to a few other solutions, then writing your own with the knowledge you’ve gained from seeing how they work.

There is an argument that dependencies solve bugs so you don’t have to. This can be true, but it’s also true that a general solution will have many bugs that you don’t care about in your specific solution because it is much harder to write a general program than a specific one.

The long and the short of it is that any code that can be written in less than an afternoon should be handled yourself.

And don’t forget about this:

There’s a predictable cycle in software ecosystems. Unix, Perl, Windows, Python, PHP/Wordpress… All have followed a pattern where first the standard library is great, then user libraries take off, then there’s DLL hell, finally it’s overrun by low quality user-made libraries.

The dialectic of dependencies

— Carl Johnson (@carlmjohnson) April 7, 2018