DEV Community

Maxi Contieri

Originally published at maximilianocontieri.com


Code Smell 138 - Packages Dependency

There's an industry trend to avoid writing code as much as possible. But this does not come for free.

TL;DR: Write your own code unless you need an existing complex solution.

Problems

Solutions

  1. Import and implement trivial solutions

  2. Rely on external and mature dependencies

Context

Recently, there has been a trend to rely on hard-to-trace dependencies.

This introduces coupling into our designs and architectural solutions.

Sample Code

Wrong

$ npm install --save is-odd

// https://www.npmjs.com/package/is-odd
// This package has about 500k weekly downloads
// https://github.com/i-voted-for-trump/is-odd/blob/master/index.js

module.exports = function isOdd(value) {
  const n = Math.abs(value); 
  return (n % 2) === 1;
};

Right

function isOdd(value) {
  const n = Math.abs(value); 
  return (n % 2) === 1;
};

// Just solve it inline

Detection

[X] Automatic

We can check our external dependencies and stick to the minimum.

We can also pin each dependency to a specific version to avoid hijacking.
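
The check described above, as an added example that is not part of the original article: a Node.js function that counts the dependencies declared in a package.json and reports every one whose version spec is not an exact version. The manifest, the hypothetical-* package names and all version numbers are constructed for illustration.

```javascript
// Added example: flag package.json dependency specs that are not exact versions.

const SECTIONS = ['dependencies', 'devDependencies', 'optionalDependencies'];
// Exact semver such as 1.2.3 or 1.2.3-beta.1+build.5 (a leading "=" or "v" is allowed).
const EXACT = /^=?v?\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/;
const LOCAL = /^(file|link|workspace):/;
// Git/tarball URLs and host shorthands are fetched from outside the registry.
const REMOTE = /^(git(\+\w+)?:|https?:|github:|gitlab:|bitbucket:)|^[\w.-]+\/[\w.-]+(#.+)?$/;
const TAG = /^[A-Za-z][\w.-]*$/; // dist-tags such as "latest" or "next"

function classifySpec(spec) {
  let s = String(spec).trim();
  // Alias form "npm:real-name@<spec>": judge the spec after the last "@".
  const alias = /^npm:.+@([^@/]+)$/.exec(s);
  if (alias) s = alias[1];
  if (LOCAL.test(s)) return 'local';
  if (REMOTE.test(s)) return 'remote';
  if (EXACT.test(s)) return 'pinned';
  if (TAG.test(s) && !/^x$/i.test(s)) return 'tag';
  return 'range'; // ^1.2.3, ~1.2.3, >=1 <2, 1.x, *, "" and so on
}

function auditManifest(manifest) {
  const findings = [];
  let total = 0;
  for (const section of SECTIONS) {
    for (const [name, spec] of Object.entries(manifest[section] || {})) {
      total += 1;
      const kind = classifySpec(spec);
      if (kind !== 'pinned') findings.push({ section, name, spec, kind });
    }
  }
  return { total, findings };
}

// Constructed sample manifest; names other than is-odd and all versions are made up.
const sampleManifest = {
  dependencies: {
    'is-odd': '^3.0.1',
    'hypothetical-pinned': '1.4.2',
    'hypothetical-tagged': 'latest',
    'hypothetical-fork': 'github:example-user/hypothetical-fork',
  },
  devDependencies: { 'hypothetical-runner': '~2.4.0' },
};

console.log(JSON.stringify(auditManifest(sampleManifest), null, 2));
```

Exact versions in package.json only cover direct dependencies; transitive ones are fixed by a committed package-lock.json installed with npm ci.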

Tags

  • Security

Conclusion

Lazy programmers push reuse to absurd limits.

We need a good balance between code duplication and crazy reuse.

As always, there are rules of thumb but no rigid rules.

More Info

Credits

Photo by olieman.eth on Unsplash

Thanks to Ramiro Rela for this smell


Complexity kills. It sucks the life out of developers, it makes products difficult to plan, build and test, it introduces security challenges, and it causes end-user and administrator frustration.

Ray Ozzie


This article is part of the CodeSmell Series.
