
CopyPasta vs adding smaller dependencies

Pacharapol Withayasakpunt (patarapolw)

This also includes copy-pasting from a Gist or GitHub blobs, versus installing from or cloning the repos.

Copy-paste seems to have benefits, although it probably cannot be versioned directly.

  • Not only size-aware, but also content-aware.
  • Removing unnecessary code and streamlining it for your project is easier.
  • Bug fixing is yours, and can be easier. Not fixing bugs is a vulnerability.
    • Dependencies' code is still code, and I believe that usually, the less code, the safer.
  • Not really sure how to deal with LICENSE, though.

NPM might be full of packages that are only a few lines long, but I'm not sure how other repositories (e.g. PyPI) compare. What do you think?

So, should I publish a Gist, a GitHub Repo, or a Package?

Discussion


For me, this comes down to who is working on the project. If it’s just me, or if I’m prototyping, then I tend to copy in utility code so that I can modify it, if needed. Sometimes the utility code is only used in one place, and so can be made more specific to how I’m using it.

If I expect others to work on the same project, or if I expect to hand off the project at some point, then I use libraries instead. Using libraries makes it easier to separate project-specific code—that will need to be understood and maintained—from extraneous/utility/black-box code. If the library is well known (like lodash) then most devs will be able to recognise and understand it right away.