6 Questions to ask yourself before copy-pasting code

Paula Santamaría on October 09, 2019

Most of us would probably agree that Googling is a big part of a developer’s job. We regularly browse the internet in search of tutorials, document...
 

Great advice, definitely something to keep in mind.

One question I would like to add is "Is the code source safe and reputable?". Especially if we want to run it in the terminal. Some time ago, I read this article and have always kept it in mind when copy/pasting code: blog.securelayer7.net/exploiting-b...

Thank you very much for including my article, by the way.

 

Great question and article Adrian, thank you!
I really enjoyed your article about evaluating npm packages. I work with other package managers like Nuget and I found your checklist questions to be useful to check those packages as well.

 

I know this post isn't really about legal issues, but as a lawyer, I just can't resist pointing out that before copy-pasting code, you should also ask yourself:

Am I infringing anyone's copyright?

If you have a company policy or guideline that covers this, the simplest scenario would be to ensure you are in line with that and have done the actions required, if any.

Otherwise, you should always keep in mind that copy-pasting any non-trivial amount of code (assume a low threshold) from somewhere else and incorporating it into yours usually means you are either creating a derivative work of or reproducing (making a copy of) a work protected by copyright. This requires a permission of some kind from the copyright holder(s) of that piece of code. Usually, you would rely on a standardized license by the rights holder(s) for this, often an open-source one. Just remember that even the most permissive licenses usually carry additional requirements of some kind, often related to retaining or adding the license text or notice and the original copyright statement as part of your source code and/or documentation, or something similar.

When copy-pasting code, perhaps the most important (legal) questions you should be able to answer are:

  • What's the license for the code you're copying?
  • Are you able to fulfill the requirements of that license? This includes making sure it's compatible with the requirements of the license(s) you are using, i.e., that you are able to fulfill the requirements of all applicable licenses at the same time without creating a conflict. With common permissive licenses (e.g. MIT, BSD, Apache-2.0) this isn't usually a problem, but you should be more careful with copyleft-style licenses such as different variants and versions of GPL and MPL, which may require you to adopt the same license for your code.

Some useful resources off the top of my head:

 
 

Relevant article from BBC News.

It's also worth mentioning that copying and pasting from within the same project is also a no-no. It's a source of considerable technical debt and it WILL bite you later on when you need to update the functionality. It's always a good use of time to make that functionality reusable properly rather than just carelessly copying and pasting it. If you're rushing to get something live when under the gun, you can justify it, but only if you make sure you go back later and refactor it.

 

Excellent point, Matthew.
Also, I honestly didn't think about the security risks of copy-pasting code when I was writing this article. @adrianbdesigns also shared an article related to this topic. I'm going to include both your comments in the post.
Thank you!

 

I read a joke on Reddit the other day that was basically:

Copy and pasting code: $0
Knowing which code to copy and paste: $100,000

As developers, there is so much we don't know and some random edge case things that we don't memorize for its use once every 3 months. But having the knowledge on how to quickly find and evaluate what you need is invaluable.

 

So true. The internet is a great resource, but it's even better when used correctly.

 
 

An actual tip though, even if you think you've found a snippet of code that does exactly what you want, type it out by hand. It'll help it sink in and improve your recall should you need to do something similar again. Usually, I find when typing it out that I want to change how it works too.

 
 
 