How to deal with fear of taking dependencies

The team I’m in creates components that can be used by the company’s partners to integrate with our platform.

As such, I agree we should take extreme care when introducing (third-party) dependencies. Currently we have no third-party dependencies and we have to stay on the lowest API level of the framework.

Some examples:

  • We are forced to stay on the lowest API level of the framework (.NET Standard). The reasoning behind this is that a new platform could one day arrive that only supports that very low API level.
  • We have implemented our own components for (de)serializing JSON and are in the process of doing the same for JWT. This is available on a higher level of the framework API.
  • We have implemented a wrapper around the HTTP framework of the standard library, because we don’t want to take a dependency on the HTTP implementation of the standard library.
  • All of the code for mapping to/from XML is written “by hand”, again for the same reason.

I feel we are taking it too far. I’m wondering how to deal with this since this I think this greatly impacts our velocity.

15

… We are forced to stay on the lowest API level of the framework (.NET Standard) …

This to me highlights the fact that, not only are you potentially restricting yourselves too much, you may also be heading for a nasty fall with your approach.

.NET Standard is not, and never will be “the lowest API level of the framework“. The most restrictive set of APIs for .NET is achieved by creating a portable class library that targets Windows Phone and Silverlight.

Depending on which version of .NET Standard you are targeting, you can end up with a very rich set of APIs that are compatible with .NET Framework, .NET Core, Mono, and Xamarin. And there are many third-party libraries that are .NET Standard compatible that will therefore work on all these platforms.

Then there is .NET Standard 2.1, likely to be released in the Autumn of 2019. It will be supported by .NET Core, Mono and Xamarin. It will not be supported by any version of the .NET Framework, at least for the foreseeable future, and quite likely always. So in the near future, far from being “the lowest API level of the framework“, .NET Standard will supersede the framework and have APIs that aren’t supported by the latter.

So be very careful with “The reasoning behind this is that a new platform could one day arrive that only supports that very low API level” as it’s quite likely that new platforms will in fact support a higher level API than the old framework does.

Then there’s the issue of third-party libraries. JSON.NET for example is compatible with .NET Standard. Any library compatible with .NET Standard is guaranteed – API-wise – to work with all .NET implementations that are compatible with that version of .NET Standard. So you achieve no additional compatibility by not using it and creating your JSON library. You simply create more work for yourselves and incur unnecessary costs for your company.

So yes, you definitely are taking this too far in my view.

3

We are forced to stay on the lowest API level of the framework (.net standard). The reasoning behind this is that a new platform could one day arrive that only supports that very low API level.

The reasoning here is rather backwards. Older, lower API levels are more likely to become obsolete and unsupported than newer ones. While I agree that staying a comfortable way behind the “cutting edge” is sensible to ensure a reasonable level of compatibility in the scenario you mention, never moving forward is beyond extreme.

We have implemented our own components for (de)serializing JSON, and are in the process of doing the same for JWT. This is available in a higher level of the framework API.
We have implemented a wrapper around the HTTP framework of the standard library because we don’t want to take a dependency on the HTTP impelemntation of the standard library.
All of the code for mapping to/from XML is written “by hand”, again for the same reason.

This is madness. Even if you don’t want to use standard library functions for whatever reason, open source libraries exist with commercially compatible licenses that do all of the above. They’ve already been written, extensively tested from a functionality, security and API design point of view, and used extensively in many other projects.

If the worst happens and that project goes away, or stops being maintained, then you’ve got the code to build the library anyway, and you assign someone to maintain it. And you’re likely still in a much better position than if you’d rolled your own, since in reality you’ll have more tested, cleaner, more maintainable code to look after.

In the much more likely scenario that the project is maintained, and bugs or exploits are found in those libraries, you’ll know about them so can do something about it – such as upgrading to a newer version free of charge, or patching your version with the fix if you’ve taken a copy.

3

On the whole these things are good for your customers. Even a popular open source library might be impossible for them to use for some reason.

For example, they may have signed a contract with their customers promising not to use open source products.

However, as you point out, these features are not without cost.

  • Time to market
  • Size of package
  • Performance

I would raise these downsides and talk with customers to find out if they really need the uber levels of compatibility you are offering.

If all the customers already use Json.NET for example, then using it in your product rather than your own deserialisation code, reduces its size and improves it.

If you introduce a second version of your product, one which uses third-party libraries as well as a compatible one you could judge the uptake on both. Will customers use the third parties to get the latest features a bit earlier, or stick with the ‘compatible’ version?

4

Short answer is that you should start introducing third-party dependencies. During your next stand-up meeting, tell everyone that the next week at work will be the most fun they have had in years — they’ll replace the JSON and XML components with open source, standard libraries solutions. Tell everyone that they have three days to replace the JSON component. Celebrate after it’s done. Have a party. This is worth celebrating.

1

Basically it all comes down to effort vs. risk.

By adding an additional dependency or update your framework or use higher level API, you lower your effort but you take up risk. So I would suggest doing a SWOT analysis.

  • Strengths: Less effort, because you don’t have to code it yourself.
  • Weaknesses: It’s not as custom designed for your special needs as a handcrafted solution.
  • Opportunities: Time to market is smaller. You might profit from external developments.
  • Threats: You might upset customers with additional dependencies.

As you can see the additional effort to develop a handcrafted solution is an investment into lowering your threats. Now you can make a strategic decision.

Trang chủ Giới thiệu Sinh nhật bé trai Sinh nhật bé gái Tổ chức sự kiện Biểu diễn giải trí Dịch vụ khác Trang trí tiệc cưới Tổ chức khai trương Tư vấn dịch vụ Thư viện ảnh Tin tức - sự kiện Liên hệ Chú hề sinh nhật Trang trí YEAR END PARTY công ty Trang trí tất niên cuối năm Trang trí tất niên xu hướng mới nhất Trang trí sinh nhật bé trai Hải Đăng Trang trí sinh nhật bé Khánh Vân Trang trí sinh nhật Bích Ngân Trang trí sinh nhật bé Thanh Trang Thuê ông già Noel phát quà Biểu diễn xiếc khỉ Xiếc quay đĩa Dịch vụ tổ chức sự kiện 5 sao Thông tin về chúng tôi Dịch vụ sinh nhật bé trai Dịch vụ sinh nhật bé gái Sự kiện trọn gói Các tiết mục giải trí Dịch vụ bổ trợ Tiệc cưới sang trọng Dịch vụ khai trương Tư vấn tổ chức sự kiện Hình ảnh sự kiện Cập nhật tin tức Liên hệ ngay Thuê chú hề chuyên nghiệp Tiệc tất niên cho công ty Trang trí tiệc cuối năm Tiệc tất niên độc đáo Sinh nhật bé Hải Đăng Sinh nhật đáng yêu bé Khánh Vân Sinh nhật sang trọng Bích Ngân Tiệc sinh nhật bé Thanh Trang Dịch vụ ông già Noel Xiếc thú vui nhộn Biểu diễn xiếc quay đĩa Dịch vụ tổ chức tiệc uy tín Khám phá dịch vụ của chúng tôi Tiệc sinh nhật cho bé trai Trang trí tiệc cho bé gái Gói sự kiện chuyên nghiệp Chương trình giải trí hấp dẫn Dịch vụ hỗ trợ sự kiện Trang trí tiệc cưới đẹp Khởi đầu thành công với khai trương Chuyên gia tư vấn sự kiện Xem ảnh các sự kiện đẹp Tin mới về sự kiện Kết nối với đội ngũ chuyên gia Chú hề vui nhộn cho tiệc sinh nhật Ý tưởng tiệc cuối năm Tất niên độc đáo Trang trí tiệc hiện đại Tổ chức sinh nhật cho Hải Đăng Sinh nhật độc quyền Khánh Vân Phong cách tiệc Bích Ngân Trang trí tiệc bé Thanh Trang Thuê dịch vụ ông già Noel chuyên nghiệp Xem xiếc khỉ đặc sắc Xiếc quay đĩa thú vị
Trang chủ Giới thiệu Sinh nhật bé trai Sinh nhật bé gái Tổ chức sự kiện Biểu diễn giải trí Dịch vụ khác Trang trí tiệc cưới Tổ chức khai trương Tư vấn dịch vụ Thư viện ảnh Tin tức - sự kiện Liên hệ Chú hề sinh nhật Trang trí YEAR END PARTY công ty Trang trí tất niên cuối năm Trang trí tất niên xu hướng mới nhất Trang trí sinh nhật bé trai Hải Đăng Trang trí sinh nhật bé Khánh Vân Trang trí sinh nhật Bích Ngân Trang trí sinh nhật bé Thanh Trang Thuê ông già Noel phát quà Biểu diễn xiếc khỉ Xiếc quay đĩa
Thiết kế website Thiết kế website Thiết kế website Cách kháng tài khoản quảng cáo Mua bán Fanpage Facebook Dịch vụ SEO Tổ chức sinh nhật