Sofware in need

Gert-Jan van de Streek

Gert-Jan van de Streek

Published: 11 January, 2016

The software you are writing has dependencies. Probably on a lot of open source. If you are not fully aware of your dependencies you might be in trouble without even knowing. When you pull in a nice library that saves you a lot of work, that library possibly pulls in a lot of dependencies on it's own. The last time this bit us, was when we used a library that was too awesome not to use. It was written by a hero that we look up to and had a good story. But we ran into trouble when our application started building up a bit more load than average. It turned out that our hero also has a good story about how Java thread pooling can be improved and we unknowingly sucked in that dependency as well.

And you know what, it was really our own fault. I have written about how to prevent this before: http://blog.avisi.nl/2013/03/04/open-source-maturity/ and this story should be applied to your whole dependency tree. In our tree I found a piece of software looking like this:

Threadpool lib...

ouch, version 0.1.2-alpha1, I don't have to explain what that means. So here's my advice: learn to use and understand the tooling that helps you understand what your software depends on. mvn dependency:tree, lein deps :tree, or whatever the command is for the tool you use...

Did you enjoy reading?

Share this blog with your audience!