
Third party dependencies

2022/5/12

AppForce1: news and info for iOS app developers


Shoutout to Jason Zurita for his article: https://jasonzurita.com/the-hidden-cost-of-dependencies/

  • What are third party dependencies? 

  • Explain the distinction between: 

  • 1st party, for iOS devs, anything in the iOS SDK.

  • 2nd party dependencies, integrations from a service provider you rely on. (You could call this a subset of 3rd party dependencies you really cannot do without.)

  • 3rd party, stuff you integrate because it saves you time or is convenient

  • Risks with 3rd party code 

  • Complexity (thank you Jason) 

  • Managing versions

  • Try updating a dependency in a Node.js codebase.

  • Build times, more code == more waiting

  • 3rd party code problems are often now your problems 

  • OSS frameworks only have a guarantee until the door

  • 3rd party code often intertwines deeply with your implementation if you are not very careful 

  • Realm or other data serialization libs are a great example

  • Security 

  • You choose to adopt all this third party code including all its warts, problems, issues and hidden problems. 

  • Enterprises often require a 100 percent review of any third party code. There is a reason big corps at some point try to lose as many dependencies as possible.

  • Third party dependent developer syndrome (this is a fun one) 

  • Not invented here syndrome should also be avoided though

  • How to find third party dependencies 

  • CocoaPods index.

  • Swift Package Index, mention we sponsor them. Only mention this once briefly 

  • We also sponsor Tuist

  • GitHub and Google search

  • Licensing and the App Store 

  • GPL is “difficult”

  • An Apache or MIT type license is reasonable 

  • If you are unsure, read up a bit on licenses: https://opensource.org/licenses

  • How to choose to adopt a dependency 

  • “Just link it” won’t do

  • Review the dependency and project health on GitHub. 

  • What quality checks does the project have in place?

  • How does the support by the dev(s) look to you?

  • Would you pay for this feature set if it wasn’t available for free? 

  • If yes, WHY ARE YOU NOT SPONSORING THIS PROJECT?

  • How to deal with dependencies in the long run? 

  • Often you have to adopt the dependency as a whole at some point. 

  • Openly: Publish pull requests, maybe even become a maintainer.

  • Privately: Take the source, snip out anything you do
