So, backstory on myself: I've been in development for over 14 years professionally. During this COVID era, I did a lot of studying, and I feel I made myself more well-rounded in both front and back end development. I've been full stack now for the last 8 years, but my main focus was always more backend work. That said, I see some pitfalls in development that I would like to address: pitfalls that I am seeing in both frontend UI and backend services. Ironically, they are the same pitfall, and it was brought to my attention during this most recent scare with Docker containers, one of which showed cryptocurrency malware embedded in stock Docker images.
So, my big gripe? It's 3rd party packages... and the vast dependence we put on them. From a frontend perspective, I ask the question: how many of you are using the most current version of Bootstrap / jQuery / etc.? I feel the more sites you have to maintain, the more updates you have to put in. Built your site around a framework (React / Angular)? Are you running on the latest version? We see all of these security holes and bug fixes being put in with every release, but we don't see developers frantically keeping their sites up to date. Heck, I found out my site was running an old version of Font Awesome and Bootstrap, and I had updated the thing in April.
From a backend perspective, it's the same thing. How many developers play Russian roulette with their project by grabbing the latest 3rd party DLLs from npm or another package manager? And if you do, how much time is spent fixing broken or changed behaviour for each version? Even from a language perspective: if you are a Python developer, how many projects on your own GitHub are still running on version 2? If you work with Docker, you have to ask yourself how often your base Docker image gets updated, and whether your base image is well supported.
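As an added illustration (my own example, not code from the original post), here is a small audit that scans a Dockerfile for the habits the paragraph above warns about: base images with no tag or a floating `latest` tag, images not pinned by digest, and `pip`/`npm` installs without a version. The Dockerfile it scans is a constructed sample, and the sha256 digest in it is an all-zero placeholder, not a real image.

```python
import re

# Constructed sample Dockerfile covering the cases the audit handles.
# The digest is a placeholder (all zeros), not a real image digest.
SAMPLE_DOCKERFILE = f"""\
FROM python:3.11-slim@sha256:{'0' * 64} AS builder
RUN pip install requests==2.31.0
FROM ubuntu
RUN apt-get update && apt-get install -y curl
FROM --platform=linux/amd64 node:latest AS web
COPY --from=builder /app /app
RUN npm install express
FROM builder AS final
"""

FROM_RE = re.compile(r"^\s*FROM\s+(?:--\S+\s+)*(\S+)(?:\s+AS\s+(\S+))?", re.IGNORECASE)
DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")
PIP_RE = re.compile(r"\bpip3?\s+install\s+(.*)")
NPM_RE = re.compile(r"\bnpm\s+(?:install|i)\s+(.*)")

def audit_dockerfile(text):
    """Return (line_no, message) tuples for base images and packages that are not pinned."""
    findings, stages = [], set()
    for no, line in enumerate(text.splitlines(), 1):
        m = FROM_RE.match(line)
        if m:
            ref, alias = m.group(1), m.group(2)
            if alias:
                stages.add(alias.lower())
            if ref.lower() in stages or DIGEST_RE.search(ref):
                continue  # earlier build stage, or pinned by an immutable digest
            last = ref.rsplit("/", 1)[-1]  # last path component, so registry:port is not read as a tag
            tag = last.split(":", 1)[1] if ":" in last else None
            if tag is None:
                findings.append((no, f"{ref}: no tag, silently resolves to :latest"))
            elif tag == "latest":
                findings.append((no, f"{ref}: floating 'latest' tag"))
            else:
                findings.append((no, f"{ref}: tag without digest, image contents can change under you"))
            continue
        if line.lstrip().upper().startswith("RUN"):
            # Only direct package arguments are checked; flags (-y, -r, ...) are skipped.
            for regex, marker, tool in ((PIP_RE, "==", "pip"), (NPM_RE, "@", "npm")):
                hit = regex.search(line)
                if not hit:
                    continue
                for pkg in hit.group(1).split("&&")[0].split():
                    if not pkg.startswith("-") and marker not in pkg.lstrip("@"):
                        findings.append((no, f"{tool} package '{pkg}' not pinned to a version"))
    return findings
```

Run it against a real Dockerfile with `audit_dockerfile(open("Dockerfile").read())`; a digest-pinned `FROM` is the only form that never changes underneath you without an explicit edit.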
So, what is my call to action then? What can we as developers do to help stop the madness that is dependency heck? I offer these as just ideas...
- Limit 3rd party DLL usage
  - The less you have to reference, the less you have to maintain later on.
- Limit API changes
  - If you have a shared DLL, focus on a good interface, and don't program around someone else's if you don't have to. Keep things generic enough that if you add something, you won't break old code.
- Try to write your own first
  - This sounds counter to what a lot of people preach; however, if it's something that only takes a day to develop, it might be worth your time to write it yourself. It sharpens your skillset, AND you have control of the code if a bug comes out of it. Bugs in 3rd party controls mean you either have to work around their issue or wait for a new release.
- Decouple when you can
  - This holds in both worlds. If you build a website on Bootstrap, make sure that the site still works if you miss a Bootstrap link or the CDN goes down. The same holds on the backend. If you are using REST services, make sure that you can, if needed, transition easily to a different platform, like gRPC or even WCF. Keep your core logic away from your interface logic at all times, and it will make your life easier in the long run.
As this is my first post on this platform, I figured I'd address the biggest gripe that I have dealt with. I'm curious to hear what others feel about this. Let me know :)