DEV Community

AppForce1: News and info for iOS app developers

Third party dependencies

Shoutout to Jason Zurita for his article https://jasonzurita.com/the-hidden-cost-of-dependencies/

  1. What are third party dependencies? 
    1. Explain the distinction between: 
      1. 1st party, for iOS devs, anything in the iOS SDK.
      2. 2nd party dependencies, stuff integration from service provider you rely on. (You could call this a subset of 3rd party dependencies you really can not do without.)
      3. 3rd party, stuff you integrate because it saves your time or it is convenient
  2. Risks with 3rd party code 
    1. Complexity (thank you Jason) 
      1. Managing versions
      2. Try updating a dependency in a Node’js codebase.
      3. Build times, more code == more waiting
      4. 3rd party code problems are often now your problems 
        1. OSS frameworks only have a guarantee until the door
      5. 3rd party code often intertwines deeply with your implementation if you are not very careful 
        1. REALM or other data serialization libs are a great example
    2. Security 
      1. You choose to adopt all this third party code including all its warts, problems, issues and hidden problems. 
        1. Enterprises often require a 100 percent review of any third party code. There is a reason big corps at some point try and loose as many dependencies.
    3. Third party dependant developer syndrome (this is a fun one) 
      1. Not invented here syndrome should also be avoided though
  3. How to find third party dependencies 
    1. CocoaPods index.
    2. Swift Package Index, mention we sponsor them. Only mention this once briefly 
      1. We also sponsor Tuist
    3. Github and Google search
  4. Licensing an the app store 
    1. GPL is “difficult”
    2. An Apache or MIT type license is reasonable 
      1. If you are unsure, read up a bit on licenses. https://opensource.org/licenses
  5. How to choose to adopt a dependency 
    1. Just link it won’t do
    2. Review the dependency and project health on Github. 
      1. What quality checks does the project have in place?
      2. How does the support by the dev(s) look to you?
      3. Would you pay for this feature set if it wasn’t available for free? 
        1. If yes, WHY ARE YOU NOT SPONSORING THIS PROJECT?
  6. How to deal with dependencies in the long run? 
    1. Often you have to adopt the whole dependency as a whole at some point. 
      1. Openly: Publish pull requests, maybe even become a maintainer.
      2. Privately: Take the source, snip out anything you do not need. Make it your own... But always respect the original license terms.
      3. Say goodbye



Please rate me on Apple Podcasts.

Send me feedback on SpeakPipe
Or contact me through twitter

Newsletter, sign up!

My book: Being a Lead Software Developer

Runway
Put your mobile releases on autopilot and keep the whole team in sync throughout.

Lead Software Developer 
Learn best practices for being a great lead software developer.

Support the show

Episode source