Add daily email for 2024-06-13
Vetting third-party open-source software
parent 1553fa80f3
commit 33b11d97de
1 changed files with 41 additions and 0 deletions
41
source/_daily_emails/2024-06-13.md
Normal file
|
@ -0,0 +1,41 @@
|
|||
---
|
||||
title: Vetting third-party open-source software
|
||||
date: 2024-06-13
|
||||
permalink: daily/2024/06/13/vetting-third-party-open-source-software
|
||||
tags:
|
||||
- software-development
|
||||
- drupal
|
||||
- open-source
|
||||
cta: ~
|
||||
snippet: |
|
||||
How do you vet open-source software you're thinking of adding to your project?
|
||||
---
|
||||
|
||||
Open-source software, such as Drupal modules and themes, PHP libraries and Tailwind CSS plugins, is great.
|
||||
|
||||
Instead of writing everything from scratch, if someone else has written what you need, you can use it.
|
||||
|
||||
In the Drupal ecosystem, there's a saying - "There's a module for that!".
|
||||
|
||||
But, assuming you find a project that adds the functionality you need, you should review and vet it before adding it to your application.
|
||||
|
||||
Adding too many modules and libraries can cause performance issues, add a maintenance overhead, introduce upstream bugs and add potential security vulnerabilities.
|
||||
|
||||
As well as reading the code, here are some questions I ask and things I look for when deciding to add a project or not:
|
||||
|
||||
- Does it do what I need?
|
||||
- Does it add too much functionality? Is there a more minimal version that does what I need without the extra overhead?
|
||||
- Does it have a stable release? If there's only a development or alpha release (which are unstable and can break at any time), I wouldn't add it.
|
||||
- Is it extendable? Can I configure or extend it if I need to add more or alter it's default functionality?
|
||||
- How many other websites are using it? Websites like Drupal.org and Packagist will show usage statistics.
|
||||
- How many open issues are there?
|
||||
- When was the most recent commit and release?
|
||||
- Does it have automated tests? If so, are they passing?
|
||||
- Does it have a README.md file or other documentation?
|
||||
- Who are the maintainers?
|
||||
- Are they responsive to issues and accepting of outside contributions? If I find a bug, can I fix and contribute it?
|
||||
- Does the project have a published roadmap?
|
||||
|
||||
Finally:
|
||||
|
||||
Do I really need it?
|
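Review bot: In the "Is it extendable?" list item, "alter it's default functionality" should use the possessive "its". Separately, the paragraph before the list names potential security vulnerabilities as a risk of adding modules and libraries, but none of the listed questions asks about it. Consider adding one, for example whether the project has open or previously reported security issues and how the maintainers handled them.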