Add daily email for 2024-06-13
Vetting third-party open-source software
This commit is contained in:
		
							parent
							
								
									1553fa80f3
								
							
						
					
					
						commit
						33b11d97de
					
				
					 1 changed files with 41 additions and 0 deletions
				
			
		
							
								
								
									
										41
									
								
								source/_daily_emails/2024-06-13.md
									
										
									
									
									
										Normal file
									
								
							
							
						
						
									
										41
									
								
								source/_daily_emails/2024-06-13.md
									
										
									
									
									
										Normal file
									
								
							|  | @ -0,0 +1,41 @@ | |||
| --- | ||||
| title: Vetting third-party open-source software | ||||
| date: 2024-06-13 | ||||
| permalink: daily/2024/06/13/vetting-third-party-open-source-software | ||||
| tags: | ||||
|     - software-development | ||||
|     - drupal | ||||
|     - open-source | ||||
| cta: ~ | ||||
| snippet: | | ||||
|     How do you vet open-source software you're thinking of adding to your project? | ||||
| --- | ||||
| 
 | ||||
| Open-source software, such as Drupal modules and themes, PHP libraries and Tailwind CSS plugins, is great. | ||||
| 
 | ||||
| Instead of writing everything from scratch, if someone else has written what you need, you can use it. | ||||
| 
 | ||||
| In the Drupal ecosystem, there's a saying - "There's a module for that!". | ||||
| 
 | ||||
| But, assuming you find a project that adds the functionality you need, you should review and vet it before adding it to your application. | ||||
| 
 | ||||
| Adding too many modules and libraries can cause performance issues, add a maintenance overhead, introduce upstream bugs and add potential security vulnerabilities. | ||||
| 
 | ||||
| As well as reading the code, here are some questions I ask and things I look for when deciding to add a project or not: | ||||
| 
 | ||||
| - Does it do what I need? | ||||
| - Does it add too much functionality? Is there a more minimal version that does what I need without the extra overhead? | ||||
| - Does it have a stable release? If there's only a development or alpha release (which are unstable and can break at any time), I wouldn't add it. | ||||
| - Is it extendable? Can I configure or extend it if I need to add more or alter it's default functionality? | ||||
| - How many other websites are using it? Websites like Drupal.org and Packagist will show usage statistics. | ||||
| - How many open issues are there? | ||||
| - When was the most recent commit and release? | ||||
| - Does it have automated tests? If so, are they passing? | ||||
| - Does it have a README.md file or other documentation? | ||||
| - Who are the maintainers? | ||||
| - Are they responsive to issues and accepting of outside contributions? If I find a bug, can I fix and contribute it? | ||||
| - Does the project have a published roadmap? | ||||
| 
 | ||||
| Finally: | ||||
| 
 | ||||
| Do I really need it? | ||||
		Loading…
	
	Add table
		Add a link
		
	
		Reference in a new issue