Kennis Sofware in need

Sofware in need

The software you are writing has dependencies. Probably on a lot of open source. If you are not fully aware of your dependencies you might be in trouble without even knowing.


When you pull in a nice library that saves you a lot of work, that library possibly pulls in a lot of dependencies on it's own. The last time this bit us, was when we used a library that was too awesome not to use. It was written by a hero that we look up to and had a good story. But we ran into trouble when our application started building up a bit more load than average. It turned out that our hero also has a good story about how Java thread pooling can be improved and we unknowingly sucked in that dependency as well.

And you know what, it was really our own fault. I have written about how to prevent this before: and this story should be applied to your whole dependency tree. In our tree I found a piece of software looking like this:


Threadpool lib...


ouch, version 0.1.2-alpha1, I don't have to explain what that means. So here's my advice: learn to use and understand the tooling that helps you understand what your software depends on. mvn dependency:tree, lein deps :tree, or whatever the command is for the tool you use...