Most of us would probably agree that Googling is a big part of a developer’s job. We regularly browse the internet in search of tutorials and documentation, and we even copy & paste code into our own projects. Copy-pasting code can be a huge time saver, but how can we be sure the code we’re copying is safe and won’t bring new problems into our software? 🤔
Here are 6 questions I ask myself before copy-pasting code into my projects:
1. How does this work?
This may sound obvious, but there may come a time when you need a solution fast and, in the rush, you copy and paste whatever works into your project without trying to understand why and how it works.
When you don’t take the time to really understand the new code, you’re:
- Missing out on learning something new
- Taking the risk of introducing new bugs or problems
- Possibly going against the project’s architecture
2. How old is this code?
Or, put differently: which version of the framework or language does it target?
You may encounter a solution that was written for an older version of the framework or language you’re using.
In the best case you’ll realize the code is old when the compiler fails and tells you the method doesn’t exist or is deprecated. But deprecation is often only a warning, and some APIs are deprecated precisely because they turned out to be unsafe, so don’t count on the compiler catching it. If it doesn’t, this could lead you to:
- Introduce deprecated methods into your code
- Miss out on the opportunity to apply a better solution available in an updated version
3. How will this code affect my project?
Does the code follow patterns that go against the architecture of the project? Will it make me introduce bad practices or anti-patterns? Was it written in a completely different context?
Here’s an example:
Suppose you're working on an Android app that should run on low-end devices, and the code you're copying is not optimized for that. You could be harming your users even though the code "works".
4. Does the code require any dependencies?
I’m usually reluctant to introduce new dependencies just to solve a single issue, but (as I said in my post about minimalism and clean code) I understand that introducing a new dependency is sometimes necessary.
In any case, before pasting the code and blindly installing whatever dependencies it comes with, we should at least know which ones they are (including what they pull in transitively) and whether it’s safe to bring them into our code. Not every dependency is trustworthy, and a version specifier that isn’t pinned means what you install tomorrow may not be what the snippet’s author tested.
Here's a great post about evaluating dependencies: Checklist for choosing an optimal npm package (Adrian Bece, Aug 22 '19, 3 min read)
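As an added example (not code from the original post or from the linked checklist), here is a small Node.js script that does the first step of that check: it lists every dependency a copied `package.json` snippet would install and flags specifiers that deserve a look before running `npm install`. The manifest at the top is constructed sample input, and the package names in it are made up.

```javascript
// Added example: enumerate what a pasted package.json would pull in and flag
// specifiers that are not an exact registry release. Constructed sample input;
// the package names below are invented for illustration.
const sampleManifest = JSON.stringify({
  name: "snippet-from-a-blog-post",
  dependencies: {
    "left-pad": "1.3.0",                                   // exact version
    "lodash": "^4.17.21",                                  // floats within a major
    "some-cli": "*",                                       // anything at all
    "helper": "latest",                                    // dist-tag, whatever is newest
    "forked-lib": "github:someuser/forked-lib#main",       // git ref, not a registry release
    "internal": "https://example.invalid/internal-1.0.0.tgz", // arbitrary tarball
  },
  devDependencies: { "eslint": "~8.0.0" },
  optionalDependencies: { "fsevents": "2.3.2" },
});

// Every field npm reads dependencies from.
const DEP_FIELDS = ["dependencies", "devDependencies", "optionalDependencies", "peerDependencies"];

// Exact semver, optionally with a prerelease suffix (e.g. 1.2.3 or 1.2.3-beta.1).
const EXACT_SEMVER = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/;

// Classify one version specifier. Returns null for an exact registry version,
// otherwise a short reason why the specifier should be looked at.
function classifySpec(spec) {
  const s = String(spec).trim();
  if (/^(git\+|github:|gitlab:|bitbucket:|gist:|git:|ssh:)/i.test(s) || /\.git(#|$)/i.test(s)) {
    return "git reference: not an immutable registry release, audit tooling cannot match it by name";
  }
  if (/^(https?:|file:)/i.test(s) || /\.(tgz|tar\.gz)$/i.test(s)) {
    return "tarball/file specifier: bypasses the registry entirely";
  }
  if (EXACT_SEMVER.test(s)) {
    return null;
  }
  // "", "*", "x" and bare words ("latest", "next", "beta") resolve to whatever is newest.
  if (s === "" || s === "*" || /^[a-z][\w.-]*$/i.test(s)) {
    return "unpinned: resolves to any version, including future releases you have not reviewed";
  }
  return "floating range: a later patch/minor can change what gets installed";
}

// Walk the manifest and collect one finding per non-exact dependency.
function auditManifest(jsonText) {
  const manifest = JSON.parse(jsonText);
  const findings = [];
  for (const field of DEP_FIELDS) {
    for (const [name, spec] of Object.entries(manifest[field] || {})) {
      const reason = classifySpec(spec);
      if (reason) findings.push({ field, name, spec, reason });
    }
  }
  return findings;
}

// Human-readable report; returns the number of flagged dependencies.
function printReport(jsonText) {
  const findings = auditManifest(jsonText);
  for (const f of findings) {
    console.log(`${f.field}: ${f.name}@${f.spec} -> ${f.reason}`);
  }
  console.log(`${findings.length} dependencies need a closer look before installing`);
  return findings.length;
}

printReport(sampleManifest);
```

The script only reads the manifest; it does not resolve transitive dependencies or query the registry, so it is the prompt for the questions in the checklist above, not a replacement for `npm audit` and for reading the package itself.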
5. Is this code really necessary?
Once we understand how the code we’re considering copy-pasting actually works, we should evaluate whether we really need it. Maybe our project’s architecture already has a solution to our problem that we hadn’t noticed before.
In some cases the solution we find online helps us understand the problem, and this new level of understanding gives us the opportunity to implement our own solution that fits our architecture and project better than the code we were going to copy-paste.
6. What does the official documentation say? 📄
It’s worth checking the official documentation of a language or framework for solutions: it usually contains best practices and useful tips that will give you a deeper understanding of how the code works.
How do you keep your code safe when copy-pasting from online sources?
What's your approach? Let me know if there's anything else you do!
Some readers shared articles about security issues that copy-pasting code can introduce. I honestly didn't think about this when writing this article, but I think it's important, so here are their comments:
Relevant article from BBC News.
It's also worth mentioning that copying and pasting from within the same project is also a no-no. It's a source of considerable technical debt and it WILL bite you later on when you need to update the functionality. It's always a good use of time to make that functionality reusable properly rather than just carelessly copying and pasting it. If you're rushing to get something live when under the gun, you can justify it, but only if you make sure you go back later and refactor it.
Great advice, definitely something to keep in mind.
One question I would like to add is "Is the code source safe and reputable?". Especially if we want to run it in the terminal. Some time ago I read this article and have always kept it in mind when copy/pasting code: blog.securelayer7.net/exploiting-b...
Thank you very much for including my article, by the way.
Top comments (15)
Great question and article Adrian, thank you!
I really enjoyed your article about evaluating npm packages. I work with other package managers like NuGet and I found your checklist questions to be useful for checking those packages as well.
I know this post isn't really about legal issues, but as a lawyer, I just can't resist pointing out that before copy-pasting code, you should also ask yourself:
Am I infringing anyone's copyright?
If you have a company policy or guideline that covers this, the simplest scenario would be to ensure you are in line with that and have done the actions required, where any.
Otherwise, you should always keep in mind that copy-pasting any non-trivial amount of code (assume a low threshold) from somewhere else and incorporating it into yours usually means you are either creating a derivative work of or reproducing (making a copy of) a work protected by copyright. This requires a permission of some kind from the copyright holder(s) of that piece of code. Usually, you would rely on a standardized license by the rights holder(s) for this, often an open-source one. Just remember that even the most permissive licenses usually carry additional requirements of some kind, often related to retaining or adding the license text or notice and the original copyright statement as part of your source code and/or documentation, or something similar.
When copy-pasting code, perhaps the most important (legal) questions you should be able to answer are:
Some useful resources off the top of my head:
Thanks for the info, Henri!
I read a joke on Reddit the other day that was basically:
Copying and pasting code: $0
Knowing which code to copy and paste: $100,000
As developers there is so much we don't know, and some random edge-case things that we don't memorize because we use them once every 3 months. But having the knowledge of how to quickly find and evaluate what you need is invaluable.
So true. The internet is a great resource, but it's even better when used correctly.
Excellent point, Matthew.
Also, I honestly didn't think about the security risks of copy-pasting code when I was writing this article. @adrianbdesigns also shared an article related to this topic. I'm going to include both your comments in the post.
Thank you!
Just ask one: What the hell am I doing?
An actual tip though, even if you think you've found a snippet of code that does exactly what you want, type it out by hand. It'll help it sink in and improve your recall should you need to do something similar again. Usually, I find when typing it out that I want to change how it works too.
Oh that's a good one!
Or that 😂
I always ask this question before copy-pasting: Can I learn by copy-pasting?
🤓
Nice one!
Thanks!