Web developers: don’t depend on dependencies


The world of web development seems to be relying ever more on an interconnected network of code and resources and dependencies. Whether it’s a CSS framework or a CDN-hosted version of jQuery, millions of websites are ready to topple if any one of these third-party solutions suddenly becomes unavailable.

An article in The Register today details what happened when a very simple piece of JavaScript code, published as an NPM dependency, was removed. Thousands of projects failed because a required function was no longer available, a situation made even worse because so many web projects these days are built entirely on JavaScript instead of a more semantic and stable basis. (Building a site or app in JavaScript leads to catastrophic failure – often a blank screen or slew of error messages – in the event of an uncaught coding error.)

The lesson that web developers must learn is that introducing many points of failure – in particular, through the connection of third-party dependencies – will inevitably lead to failure. The simple solution in this case is for the developer to take this very simple function – shown here on GitHub – and integrate it directly into the project’s own script files.

2 responses to “Web developers: don’t depend on dependencies”

  1. sw

    Or instead, track the components right in the repository (against best practice) and run a few basic end-to-end tests after updating them with bower or npm.

    For composer dependencies, a private Satis mirror can make sure that the exact version required remains available, even if packagist is down or the origin was removed. This even happens to speed up CI and deployments :)

    1. Mark Howells-Mead

      I can see the benefit of loading dependencies in this way, but I think that developers would be better off learning how to implement code directly in the long run. Simple functions like the one which has caused so many problems really don’t need to be managed as a dependency!
