Marwan Ahmed

NPM Packages: To install or not to install


Are you a developer who installs A LOT of packages in your projects?
Are you a developer who occasionally installs some packages?
Are you a developer who never installs packages and builds everything from scratch?
Well, either way, this is for you! This article is an attempt to strike the fine balance of when and when not to install an npm package.

First off, whether you own a business and your app contains a lot of third-party libraries, or you’re a developer whose job involves a lot of npm installing, your future doesn’t look particularly bright.

In order to discover how to decide on installing a package, let’s first break down why making it a habit to install packages is bad for you.

Suppose you’re a business-owner whose business is booming. Your e-commerce website is doing great and gaining a lot of traffic. One day, you open the website and you find it completely broken.

After some investigation, you find out that the app’s code, which is built up from numerous packages, is not working anymore.

You later find out that the person who built one of the packages your app depends on has decided to shut it down. Basically, your entire business was resting on the whims of some developer.

If you’re thinking that this is a bit far-fetched, this has actually happened before; check this.

Now let’s look at some more probable disadvantages of npm packages:

1. Cost

While it may seem so, installing packages is not actually free.

The thing you pay the most is performance. The performance of your app is directly affected by the size of the package. By performance I mean the loading time and the responsiveness of the app (how fast the app responds to user interaction).

This is by no means a cheap cost. The app performance can be the difference between a business's success and failure.

2. Security Risk

If you have a habit of installing a lot of packages, chances are your app will be prone to security issues, because you’re basically adding a lot of code to your app that you don’t really know a lot about. Some of that code might have security vulnerabilities which can be exploited by hackers.
So if you’re a business owner, that’s a very dangerous thing to have.

3. Learning Curve

As a passionate learner, this is for me by far the biggest disadvantage. Regularly installing packages can turn you into a lazy, incompetent developer. After all, it’s not very hard to type npm install.

When I first knew about npm packages, it was like magic for me. I thought people who built packages were like developers who only worked for mega companies. I could picture them wearing these hoodies, putting on their nerdy glasses while working with the lights off.
Later, I found a package whose whole purpose was to check whether a number was even or odd, and that was pretty much it.

The moment I realized that developers who build packages are actually normal people, and that I have the capability to build any package I want, shifted my mindset hugely. I’m actually now building my own package which is something that, at some time, I thought I would be able to do when I’m close to retirement.

Instead of installing a package, why not make it?
Instead of just using a package from its documentation, why not read its code? Actually, I would argue now it’s a must to perform a thorough code review of the package you’re using.

You will learn a lot, whether by taking in different ideas and being encouraged to make your own package, or by being trained to look for things that you can improve on in a piece of code. And of course, you will have full knowledge of the ins and outs of your application.

So, if you’re used to installing packages just to get things done, as time passes you will find yourself way behind the pack.


You might be thinking now, ‘wow packages are really bad, and if they’re so bad why are people making them?!’. Well, that’s not actually the case.

Packages are a way of developers helping each other. You can learn a lot from other people’s code as well as save time while building your app.

But the number one benefit from npm packages is Time. Packages save developers hours and hours of time building everything from scratch.

But I’ve just mentioned above that it’s better to build your own code for learning’s sake, so how does that work?!

Actually, while working in a company, most of the time you won’t have the luxury of time to build everything from scratch, as companies always want fast development in order to generate fast revenue. So, you will find yourself thinking a lot: should I install a package for this feature or should I do it from scratch?

Let’s talk about the factors that can help us decide on the matter:

The most important factor is time. Time is basically how urgent the business request is vs. how much time it would take to build it. If you find yourself in a very tight time frame and the feature is somewhat complex, then the reasonable decision would be to install a package (but choose wisely!).

Another situation where it would be more reasonable to install a package is if the feature you’re building requires a huge learning curve. I mean, let’s not kid ourselves here: you’re probably not gonna build your charts from scratch!

But let’s not stop here. If you find yourself having to install a package, after you finish the feature, make a plan to build it from scratch yourself, whether to replace the one you installed, or even if you build it on your own time for learning’s sake.


Summary

The next time you’re not sure whether or not to install a package, think of the factors we mentioned: Cost, Security Risk, Learning Curve and Time, and make a decision.
If you decide on installing the package, remember to:

  • Choose the package wisely
  • Review the package’s code
  • Make a plan to build it from scratch
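
Choosing wisely and reviewing a package's code are easier once you know what an install actually pulled in. The code below is an added example, not from the original article: it takes a parsed package-lock.json (lockfileVersion 2 or 3) and reports how many packages arrived transitively, which ones run install scripts, and which have no integrity hash or were fetched from outside the public registry. The package names and the sample lockfile are constructed.

```javascript
// Added example (not from the article). All package names are constructed.
// Assumption: dependencies are expected to come from the public npm registry.
const REGISTRY = "https://registry.npmjs.org/";
const NM = "node_modules/";

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"
function packageName(lockPath) {
  return lockPath.slice(lockPath.lastIndexOf(NM) + NM.length);
}

// Summarize a parsed package-lock.json (lockfileVersion 2 or 3).
function auditLockfile(lock) {
  const packages = lock.packages || {};
  const root = packages[""] || {};
  const direct = new Set([
    ...Object.keys(root.dependencies || {}),
    ...Object.keys(root.devDependencies || {}),
  ]);
  const report = { direct: direct.size, transitive: 0, installScripts: [], unverified: [] };
  for (const [path, entry] of Object.entries(packages)) {
    // Skip the project itself, workspace folders and symlinked entries.
    if (!path.includes(NM) || entry.link) continue;
    const name = packageName(path);
    const id = `${name}@${entry.version}`;
    // Anything you did not list yourself arrived through another package.
    if (!(path === NM + name && direct.has(name))) report.transitive += 1;
    // Install scripts run code on your machine at `npm install` time.
    if (entry.hasInstallScript) report.installScripts.push(id);
    // No integrity hash, or fetched from somewhere other than the registry.
    if (!entry.integrity || !String(entry.resolved || "").startsWith(REGISTRY)) {
      report.unverified.push(id);
    }
  }
  return report;
}

// Constructed lockfile: one direct dependency that drags in two more.
const sampleLock = {
  packages: {
    "": { name: "shop", dependencies: { "example-charts": "^1.0.0" } },
    "node_modules/example-charts": { version: "1.2.0", integrity: "sha512-CONSTRUCTED",
      resolved: REGISTRY + "example-charts/-/example-charts-1.2.0.tgz" },
    "node_modules/example-native": { version: "0.3.1", integrity: "sha512-CONSTRUCTED",
      resolved: REGISTRY + "example-native/-/example-native-0.3.1.tgz", hasInstallScript: true },
    "node_modules/example-fork": { version: "2.0.0",
      resolved: "git+ssh://git@example.com/someone/example-fork.git#0000000" },
  },
};
console.log(auditLockfile(sampleLock));
```

To run it on a real project, pass the result of `JSON.parse` on your own package-lock.json to `auditLockfile` and start your review with the `installScripts` and `unverified` entries.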

Top comments (4)

ziadbastawy

Most JavaScript developers don't really care about the effects of installing many packages.

So it's helpful to always remember when to use it carefully.

Thank you Marwan ♥️ for your time to write it

Ahmed Refaat

Nice explanation 👏🏻

Radwa Atef

Great article 👌🏻

fatima salama

Very helpful article
Waiting for your next one