This also includes copy-paste from Gist or GitHub blobs, vs installing from / cloning the repos.
Copy-paste seems to have benefits, although it probably cannot be versioned directly.
- Not only size-aware, but also content-aware.
- Removing necessary code and streamlining it for your projects is easier.
- Bug fixing is yours, and can be easier. Not fixing bugs is a vulnerability.
- Dependencies' code is still code, and I believe that usually, the less code, the safer.
- Not really sure how to deal with LICENSE, though.
NPM might be full of packages that are only a few lines long, but I'm not sure how other repositories (e.g. PyPI) do. What do you think?
So, should I publish a Gist, a GitHub Repo, or a Package?
Top comments (1)
For me, this comes down to who is working on the project. If it’s just me, or if I’m prototyping, then I tend to copy in utility code so that I can modify it, if needed. Sometimes the utility code is only used in one place, and so can be made more specific to how I’m using it.
If I expect others to work on the same project, or if I expect to hand off the project at some point, then I use libraries instead. Using libraries makes it easier to separate project-specific code—that will need to be understood and maintained—from extraneous/utility/black-box code. If the library is well known (like lodash) then most devs will be able to recognise and understand it right away.