@bethsecor
Forked from rrgayhart/package-management.markdown
Last active March 24, 2016 19:47
The Dangers of Using Code You Don't Control

Checks for Understanding

  • In broad strokes, summarize the event

    • A guy had created an open source npm package called kik, and a company called Kik asked him if he could change the name of his package. In my opinion neither party handled the situation very professionally, so I'm not surprised this happened. The guy who created kik got so upset that he unpublished all of his packages, one of which was left-pad. Apparently many applications depended on this package, so for about 3 hours they were all down until npm "un-unpublished" the package to fix everything.
  • How do NPM and RubyGems relate?

    • NPM and RubyGems are both package managers, though it seems to me that it's acceptable to have much smaller functionalities in npm. (Since I have worked in R a lot too, R is open source and anyone can submit packages to the CRAN. The packages are usually large and for new statistical methodology, not for simple scripts like left-pad)
  • What is left-pad and why is it used?

    • left-pad adds padding to the left of a string. After reading the article titled "Have We Forgotten How To Program" I'm not sure why it's used except for sheer laziness.

Observing

  • What does this Gem generally do?
    • This gem tells you if benchmarked times between two methodologies are statistically significant.
  • When is the date of the last commit?
    • January 27, 2015
  • How many open issues does it have?
    • Zero issues
  • Start looking around the source code
    • This code: this method takes in two arrays of benchmarking times and then creates an instance of RSRuby to be able to run a Wilcoxon signed rank test with R. It outputs a hash with the results.
    • This code: I'm not 100% sure what it's doing, something with command line arguments. The method system shows up several times, not sure what that does.
  • Does it seem reasonable to add this dependency into your code?
    • I think it's reasonable, however there hasn't been any work on it in a year.
  • What does this Gem generally do?
    • This gem is a debugger for ruby.
  • When is the date of the last commit?
    • 27 days ago.
  • How many open issues does it have?
    • 143 issues.
  • Start looking around the source code
    • This code determines the terminal screen size.
    • This code is the main ruby file for pry, it pulls everything together, but I'm not comfortable with it because I don't understand why the procs have a lot of unused parameters.
  • Does it seem reasonable to add this dependency into your code?
    • Absolutely, a lot of people use this, and I've never had any issues with it before.
  • What does this Gem generally do?

    • This gem is a testing tool to save a snapshot of the page at a certain point in your test.
  • When is the date of the last commit?

    • October 1, 2015
  • How many open issues does it have?

    • 4 issues.
  • Start looking around the source code

    • This code takes in any number of arguments, has methods to convert them to strings, and whether they are valid or executable.
    • This code: I feel bad, but I'm not sure what they mean by ruby engine or what the purpose of this code is.
  • Does it seem reasonable to add this dependency into your code?

    • Absolutely, a lot of people use this, and I've never had any issues with it before.
  • What are some factors you consider when adding dependencies to your projects?

    • How up to date they are, how many other people use them.
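The questions above judge each gem by its last commit and open issues, but the left-pad story turns on the other half of the risk: one direct dependency can pull in many gems you never looked at. The script below is an added example (it is not part of the gist or of any of the gems discussed) that parses a Gemfile.lock and lists, for each direct dependency, every gem it brings in transitively. The lockfile text is constructed for illustration, and its version numbers are made up.

```ruby
# Added example, not part of the original gist: measure how much code you don't
# control each direct dependency pulls in, by reading a Gemfile.lock.
# The lockfile below is constructed for illustration; the versions are made up.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      addressable (2.4.0)
      capybara (2.6.2)
        addressable
        mime-types (>= 1.16)
        nokogiri (>= 1.3.3)
        rack (>= 1.0.0)
        xpath (~> 2.0)
      coderay (1.1.1)
      method_source (0.8.2)
      mime-types (3.0)
        mime-types-data (~> 3.2015)
      mime-types-data (3.2016.0221)
      mini_portile2 (2.0.0)
      nokogiri (1.6.7.2)
        mini_portile2 (~> 2.0.0.rc2)
      pry (0.10.3)
        coderay (~> 1.1.0)
        method_source (~> 0.8.1)
        slop (~> 3.4)
      rack (1.6.4)
      slop (3.6.0)
      xpath (2.0.0)
        nokogiri (~> 1.3)

  PLATFORMS
    ruby

  DEPENDENCIES
    capybara
    pry

  BUNDLED WITH
     1.11.2
LOCK

# Parse the lockfile into resolved versions, per-gem dependency lists and the
# direct dependencies declared in the Gemfile. Lockfile layout: unindented
# section names; under GEM, each spec is indented 4 spaces and the gems it
# depends on are indented 6 spaces beneath it.
def parse_lockfile(text)
  versions = {}
  deps = {}
  direct = []
  section = nil
  current = nil
  text.each_line do |raw|
    line = raw.chomp
    next if line.strip.empty?
    if line !~ /\A\s/
      section = line.strip
      current = nil
      next
    end
    indent = line[/\A */].size
    name, rest = line.strip.split(" ", 2)
    case section
    when "GEM"
      if indent == 4
        current = name
        versions[name] = rest.to_s[/\((.*?)\)/, 1]
        deps[name] ||= []
      elsif indent == 6 && current
        deps[current] << name
      end
    when "DEPENDENCIES"
      direct << name.sub(/!\z/, "") # a trailing "!" marks a non-rubygems source
    end
  end
  { versions: versions, deps: deps, direct: direct }
end

# Every gem reachable from one gem through its declared dependencies,
# following the graph iteratively so shared or cyclic edges are visited once.
def transitive_deps(deps, gem)
  seen = {}
  stack = (deps[gem] || []).dup
  until stack.empty?
    dep = stack.pop
    next if dep == gem || seen[dep]
    seen[dep] = true
    stack.concat(deps[dep] || [])
  end
  seen.keys.sort
end

# One entry per direct dependency: its locked version and its transitive set.
def dependency_report(text)
  lock = parse_lockfile(text)
  lock[:direct].sort.map do |gem|
    { name: gem, version: lock[:versions][gem],
      transitive: transitive_deps(lock[:deps], gem) }
  end
end

if __FILE__ == $PROGRAM_NAME
  dependency_report(SAMPLE_LOCK).each do |r|
    puts "#{r[:name]} #{r[:version]}: #{r[:transitive].size} transitive gems"
    r[:transitive].each { |d| puts "  - #{d}" }
  end
end
```

Run it against a real Gemfile.lock by replacing SAMPLE_LOCK with File.read("Gemfile.lock"). In the constructed lockfile the two direct gems bring in ten others, and the report is the list you would review (last commit, open issues, maintainer count) before trusting them, since a problem in any one of them takes your build down just as left-pad did.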