A great majority of the web is built on open source software. Approximately two-thirds of public servers on the internet run a *nix operating system, and over half of those are Linux. The most popular server-side programming languages also tend to be open source (including my favorite, Ruby). This post is about adding a new open source library to an existing code base. What questions should you ask before adding such a dependency to a production application?
- Is the project written in a language you support? If not, is it compatible (e.g. through stdin/stdout or by compiling to your language of choice)?
- Is the project in a version of the language you support? If it’s written in Python 3 and you only support Python 2, for example, using this library could lead to headaches.
- Can you use the project in your framework of choice (e.g. Rails or Django)?
- Are there conflicts with other libraries or packages you’re currently using? (This is probably the hardest question to answer, and you might not know until you try it.)
- Are there unit tests?
- Are there integration tests?
- What is the test coverage like?
- Do the tests run quickly?
- Are the tests clearly written?
- Is the project actively maintained? When was the last commit?
- Does the community have a civil, professional style of debate and discussion?
- Is there only one developer/maintainer who knows everything? This doesn’t have to be a deal breaker. However, if there is a single gatekeeper you should make sure you understand the basics of the code and could fork the project if necessary.
This is by no means an exhaustive list, but these questions can serve as a useful checklist before adding an open source library as a dependency for your project.
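
Two of the questions above, "When was the last commit?" and "Is there only one developer/maintainer?", can be answered from a clone's history. The following is an added example, not code from the original post: it summarises the output of `git log --format='%aI|%ae'`, and the function name, the 365-day window and the sample log are assumptions constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timezone

# Constructed sample, in the shape produced by: git log --format='%aI|%ae'
SAMPLE_LOG = """\
2024-05-02T10:15:00+00:00|alice@example.org
2024-04-20T08:00:00+00:00|alice@example.org
2024-03-11T17:30:00+02:00|bob@example.org
2024-01-05T09:00:00+00:00|Alice@example.org
2022-11-30T12:00:00+00:00|carol@example.org
"""


def maintenance_signals(log_text, now, window_days=365):
    """Summarise commit recency and author concentration from git log text.

    window_days is an assumed look-back period for judging who is active now.
    Returns None when no usable commit lines are found.
    """
    commits = []
    for line in log_text.splitlines():
        stamp, sep, author = line.strip().partition("|")
        if not sep:
            continue  # blank or malformed line
        try:
            when = datetime.fromisoformat(stamp)
        except ValueError:
            continue  # unparseable date
        if when.tzinfo is None:
            continue  # need an offset to compare against an aware "now"
        commits.append((when, author.strip().lower()))
    if not commits:
        return None

    last_commit = max(when for when, _ in commits)
    # Only recent commits say who maintains the project today.
    recent = Counter(a for when, a in commits if (now - when).days <= window_days)
    top_author, top_count = recent.most_common(1)[0] if recent else (None, 0)
    return {
        "days_since_last_commit": (now - last_commit).days,
        "authors_all_time": len({a for _, a in commits}),
        "authors_recent": len(recent),
        "top_recent_author": top_author,
        # A share close to 1.0 points at a single gatekeeper.
        "top_recent_share": top_count / sum(recent.values()) if recent else None,
    }


if __name__ == "__main__":
    print(maintenance_signals(SAMPLE_LOG, datetime.now(timezone.utc)))
```

A long gap since the last commit or a top share near 1.0 is a prompt to read the code closely enough that you could fork it, not an automatic rejection.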