How to deal with fear of taking dependencies The 2019 Stack Overflow Developer Survey Results Are InWhen should new C projects target very old C standards (>20 years old, i.e. C89)?Using third-party libraries - always use a wrapper?Is the Entity Framework appropriate when all you do is insert records in bulk?What document should describe usage of a third party library in a project?How does one keep argument counts low and still keep third party dependencies separate?Formal justification for use of third-party librariesHow to decide what library to use?Licensing, how to?Third party dependencies managementHow to have multiple source copies of a dependency in a C# git project?Bringing a large, complex legacy project under git control

Is flight data recorder erased after every flight?

What is the best strategy for white in this position?

Patience, young "Padovan"

Does it makes sense to buy a new cycle to learn riding?

Carnot-Caratheodory metric

Understanding the implication of what "well-defined" means for the operation in quotient group

"To split hairs" vs "To be pedantic"

Limit to 0 ambiguity

How was Skylab's orbit inclination chosen?

Does a dangling wire really electrocute me if I'm standing in water?

Is "plugging out" electronic devices an American expression?

Could a US political party gain complete control over the government by removing checks & balances?

Landlord wants to switch my lease to a "Land contract" to "get back at the city"

Realistic Alternatives to Dust: What Else Could Feed a Plankton Bloom?

Dual Citizen. Exited the US on Italian passport recently

Should I write numbers in words or as numerals when there are multiple next to each other?

The difference between dialogue marks

I looked up a future colleague on LinkedIn before I started a job. I told my colleague about it and he seemed surprised. Should I apologize?

Should I use my personal or workplace e-mail when registering to external websites for work purpose?

Are there any other methods to apply to solving simultaneous equations?

Extreme, unacceptable situation and I can't attend work tomorrow morning

Is there a name of the flying bionic bird?

A poker game description that does not feel gimmicky

Where does the "burst of radiance" from Holy Weapon originate?



How to deal with fear of taking dependencies



The 2019 Stack Overflow Developer Survey Results Are InWhen should new C projects target very old C standards (>20 years old, i.e. C89)?Using third-party libraries - always use a wrapper?Is the Entity Framework appropriate when all you do is insert records in bulk?What document should describe usage of a third party library in a project?How does one keep argument counts low and still keep third party dependencies separate?Formal justification for use of third-party librariesHow to decide what library to use?Licensing, how to?Third party dependencies managementHow to have multiple source copies of a dependency in a C# git project?Bringing a large, complex legacy project under git control



.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;








39















The team I'm in creates components that can be used by the company's partners to integrate with our platform.



As such, I agree we should take extreme care when introducing (third-party) dependencies. Currently we have no third-party dependencies and we have to stay on the lowest API level of the framework.



Some examples:



  • We are forced to stay on the lowest API level of the framework (.NET Standard). The reasoning behind this is that a new platform could one day arrive that only supports that very low API level.

  • We have implemented our own components for (de)serializing JSON and are in the process of doing the same for JWT. This is available on a higher level of the framework API.

  • We have implemented a wrapper around the HTTP framework of the standard library, because we don't want to take a dependency on the HTTP implementation of the standard library.

  • All of the code for mapping to/from XML is written "by hand", again for the same reason.

I feel we are taking it too far. I'm wondering how to deal with this since this I think this greatly impacts our velocity.










share|improve this question









New contributor




Bertus is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.















  • 10





    Is there a justification for this (e.g., external requirement) or is it being done out of ignorance?

    – Blrfl
    yesterday






  • 2





    No real justification except what I mentioned in the first bullet point and the general "dependencies are bad", which is obviously true (to a certain degree).

    – Bertus
    yesterday






  • 4





    Do an experiment with some small part of codebase, create an isolation layer that doesn't try to be a generic library, but defines an abstract interface that models your needs; then put both your own implementation and a 3rd party dependency behind it, and compare how the two versions work/perform. Weigh out the pros and cons, assess how easy (or how hard) it would be to swap implementations, then make a decision. In short, test things out in a relatively low-risk way, see what happens, then decide.

    – Filip Milovanović
    yesterday







  • 48





    "Currently we have no third-party dependencies" This always makes me laugh when people claim this. Of course you do. You've not written your own compiler, IDE, implementation of any standard libraries. You've not written any of the shard objects libs that you use indirectly (or directly). When you realise how much 3rd party software and libraries that you depend on, you can drop the "dependencies are bad" idea, and just enjoy not re-inventing the wheel. I would just flag the dependencies that you have, and then ask why they're acceptable, but json parsing isn't.

    – UKMonkey
    yesterday







  • 4





    That said there is the alternative draw backs, like never finishing projects. But it does promote software jobs and employment :)

    – marshal craft
    yesterday

















39















The team I'm in creates components that can be used by the company's partners to integrate with our platform.



As such, I agree we should take extreme care when introducing (third-party) dependencies. Currently we have no third-party dependencies and we have to stay on the lowest API level of the framework.



Some examples:



  • We are forced to stay on the lowest API level of the framework (.NET Standard). The reasoning behind this is that a new platform could one day arrive that only supports that very low API level.

  • We have implemented our own components for (de)serializing JSON and are in the process of doing the same for JWT. This is available on a higher level of the framework API.

  • We have implemented a wrapper around the HTTP framework of the standard library, because we don't want to take a dependency on the HTTP implementation of the standard library.

  • All of the code for mapping to/from XML is written "by hand", again for the same reason.

I feel we are taking it too far. I'm wondering how to deal with this since this I think this greatly impacts our velocity.










share|improve this question









New contributor




Bertus is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.















  • 10





    Is there a justification for this (e.g., external requirement) or is it being done out of ignorance?

    – Blrfl
    yesterday






  • 2





    No real justification except what I mentioned in the first bullet point and the general "dependencies are bad", which is obviously true (to a certain degree).

    – Bertus
    yesterday






  • 4





    Do an experiment with some small part of codebase, create an isolation layer that doesn't try to be a generic library, but defines an abstract interface that models your needs; then put both your own implementation and a 3rd party dependency behind it, and compare how the two versions work/perform. Weigh out the pros and cons, assess how easy (or how hard) it would be to swap implementations, then make a decision. In short, test things out in a relatively low-risk way, see what happens, then decide.

    – Filip Milovanović
    yesterday







  • 48





    "Currently we have no third-party dependencies" This always makes me laugh when people claim this. Of course you do. You've not written your own compiler, IDE, implementation of any standard libraries. You've not written any of the shard objects libs that you use indirectly (or directly). When you realise how much 3rd party software and libraries that you depend on, you can drop the "dependencies are bad" idea, and just enjoy not re-inventing the wheel. I would just flag the dependencies that you have, and then ask why they're acceptable, but json parsing isn't.

    – UKMonkey
    yesterday







  • 4





    That said there is the alternative draw backs, like never finishing projects. But it does promote software jobs and employment :)

    – marshal craft
    yesterday













39












39








39


7






The team I'm in creates components that can be used by the company's partners to integrate with our platform.



As such, I agree we should take extreme care when introducing (third-party) dependencies. Currently we have no third-party dependencies and we have to stay on the lowest API level of the framework.



Some examples:



  • We are forced to stay on the lowest API level of the framework (.NET Standard). The reasoning behind this is that a new platform could one day arrive that only supports that very low API level.

  • We have implemented our own components for (de)serializing JSON and are in the process of doing the same for JWT. This is available on a higher level of the framework API.

  • We have implemented a wrapper around the HTTP framework of the standard library, because we don't want to take a dependency on the HTTP implementation of the standard library.

  • All of the code for mapping to/from XML is written "by hand", again for the same reason.

I feel we are taking it too far. I'm wondering how to deal with this since this I think this greatly impacts our velocity.










share|improve this question









New contributor




Bertus is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.












The team I'm in creates components that can be used by the company's partners to integrate with our platform.



As such, I agree we should take extreme care when introducing (third-party) dependencies. Currently we have no third-party dependencies and we have to stay on the lowest API level of the framework.



Some examples:



  • We are forced to stay on the lowest API level of the framework (.NET Standard). The reasoning behind this is that a new platform could one day arrive that only supports that very low API level.

  • We have implemented our own components for (de)serializing JSON and are in the process of doing the same for JWT. This is available on a higher level of the framework API.

  • We have implemented a wrapper around the HTTP framework of the standard library, because we don't want to take a dependency on the HTTP implementation of the standard library.

  • All of the code for mapping to/from XML is written "by hand", again for the same reason.

I feel we are taking it too far. I'm wondering how to deal with this since this I think this greatly impacts our velocity.







architecture .net dependencies third-party-libraries code-ownership






share|improve this question









New contributor




Bertus is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











share|improve this question









New contributor




Bertus is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









share|improve this question




share|improve this question








edited 16 hours ago







Bertus













New contributor




Bertus is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









asked yesterday









BertusBertus

30127




30127




New contributor




Bertus is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.





New contributor





Bertus is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.






Bertus is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.







  • 10





    Is there a justification for this (e.g., external requirement) or is it being done out of ignorance?

    – Blrfl
    yesterday






  • 2





    No real justification except what I mentioned in the first bullet point and the general "dependencies are bad", which is obviously true (to a certain degree).

    – Bertus
    yesterday






  • 4





    Do an experiment with some small part of codebase, create an isolation layer that doesn't try to be a generic library, but defines an abstract interface that models your needs; then put both your own implementation and a 3rd party dependency behind it, and compare how the two versions work/perform. Weigh out the pros and cons, assess how easy (or how hard) it would be to swap implementations, then make a decision. In short, test things out in a relatively low-risk way, see what happens, then decide.

    – Filip Milovanović
    yesterday







  • 48





    "Currently we have no third-party dependencies" This always makes me laugh when people claim this. Of course you do. You've not written your own compiler, IDE, implementation of any standard libraries. You've not written any of the shard objects libs that you use indirectly (or directly). When you realise how much 3rd party software and libraries that you depend on, you can drop the "dependencies are bad" idea, and just enjoy not re-inventing the wheel. I would just flag the dependencies that you have, and then ask why they're acceptable, but json parsing isn't.

    – UKMonkey
    yesterday







  • 4





    That said there is the alternative draw backs, like never finishing projects. But it does promote software jobs and employment :)

    – marshal craft
    yesterday












  • 10





    Is there a justification for this (e.g., external requirement) or is it being done out of ignorance?

    – Blrfl
    yesterday






  • 2





    No real justification except what I mentioned in the first bullet point and the general "dependencies are bad", which is obviously true (to a certain degree).

    – Bertus
    yesterday






  • 4





    Do an experiment with some small part of codebase, create an isolation layer that doesn't try to be a generic library, but defines an abstract interface that models your needs; then put both your own implementation and a 3rd party dependency behind it, and compare how the two versions work/perform. Weigh out the pros and cons, assess how easy (or how hard) it would be to swap implementations, then make a decision. In short, test things out in a relatively low-risk way, see what happens, then decide.

    – Filip Milovanović
    yesterday







  • 48





    "Currently we have no third-party dependencies" This always makes me laugh when people claim this. Of course you do. You've not written your own compiler, IDE, implementation of any standard libraries. You've not written any of the shard objects libs that you use indirectly (or directly). When you realise how much 3rd party software and libraries that you depend on, you can drop the "dependencies are bad" idea, and just enjoy not re-inventing the wheel. I would just flag the dependencies that you have, and then ask why they're acceptable, but json parsing isn't.

    – UKMonkey
    yesterday







  • 4





    That said there is the alternative draw backs, like never finishing projects. But it does promote software jobs and employment :)

    – marshal craft
    yesterday







10




10





Is there a justification for this (e.g., external requirement) or is it being done out of ignorance?

– Blrfl
yesterday





Is there a justification for this (e.g., external requirement) or is it being done out of ignorance?

– Blrfl
yesterday




2




2





No real justification except what I mentioned in the first bullet point and the general "dependencies are bad", which is obviously true (to a certain degree).

– Bertus
yesterday





No real justification except what I mentioned in the first bullet point and the general "dependencies are bad", which is obviously true (to a certain degree).

– Bertus
yesterday




4




4





Do an experiment with some small part of codebase, create an isolation layer that doesn't try to be a generic library, but defines an abstract interface that models your needs; then put both your own implementation and a 3rd party dependency behind it, and compare how the two versions work/perform. Weigh out the pros and cons, assess how easy (or how hard) it would be to swap implementations, then make a decision. In short, test things out in a relatively low-risk way, see what happens, then decide.

– Filip Milovanović
yesterday






Do an experiment with some small part of codebase, create an isolation layer that doesn't try to be a generic library, but defines an abstract interface that models your needs; then put both your own implementation and a 3rd party dependency behind it, and compare how the two versions work/perform. Weigh out the pros and cons, assess how easy (or how hard) it would be to swap implementations, then make a decision. In short, test things out in a relatively low-risk way, see what happens, then decide.

– Filip Milovanović
yesterday





48




48





"Currently we have no third-party dependencies" This always makes me laugh when people claim this. Of course you do. You've not written your own compiler, IDE, implementation of any standard libraries. You've not written any of the shard objects libs that you use indirectly (or directly). When you realise how much 3rd party software and libraries that you depend on, you can drop the "dependencies are bad" idea, and just enjoy not re-inventing the wheel. I would just flag the dependencies that you have, and then ask why they're acceptable, but json parsing isn't.

– UKMonkey
yesterday






"Currently we have no third-party dependencies" This always makes me laugh when people claim this. Of course you do. You've not written your own compiler, IDE, implementation of any standard libraries. You've not written any of the shard objects libs that you use indirectly (or directly). When you realise how much 3rd party software and libraries that you depend on, you can drop the "dependencies are bad" idea, and just enjoy not re-inventing the wheel. I would just flag the dependencies that you have, and then ask why they're acceptable, but json parsing isn't.

– UKMonkey
yesterday





4




4





That said there is the alternative draw backs, like never finishing projects. But it does promote software jobs and employment :)

– marshal craft
yesterday





That said there is the alternative draw backs, like never finishing projects. But it does promote software jobs and employment :)

– marshal craft
yesterday










5 Answers
5






active

oldest

votes


















73















... We are forced to stay on the lowest API level of the framework (.NET Standard) …




This to me highlights the fact that, not only are you potentially restricting yourselves too much, you may also be heading for a nasty fall with your approach.



.NET Standard is not, and never will be "the lowest API level of the framework". The most restrictive set of APIs for .NET is achieved by creating a portable class library that targets Windows Phone and Silverlight.



Depending on which version of .NET Standard you are targeting, you can end up with a very rich set of APIs that are compatible with .NET Framework, .NET Core, Mono, and Xamarin. And there are many third-party libraries that are .NET Standard compatible that will therefore work on all these platforms.



Then there is .NET Standard 2.1, likely to be released in the Autumn of 2019. It will be supported by .NET Core, Mono and Xamarin. It will not be supported by any version of the .NET Framework, at least for the foreseeable future, and quite likely always. So in the near future, far from being "the lowest API level of the framework", .NET Standard will supersede the framework and have APIs that aren't supported by the latter.



So be very careful with "The reasoning behind this is that a new platform could one day arrive that only supports that very low API level" as it's quite likely that new platforms will in fact support a higher level API than the old framework does.



Then there's the issue of third-party libraries. JSON.NET for example is compatible with .NET Standard. Any library compatible with .NET Standard is guaranteed - API-wise - to work with all .NET implementations that are compatible with that version of .NET Standard. So you achieve no additional compatibility by not using it and creating your JSON library. You simply create more work for yourselves and incur unnecessary costs for your company.



So yes, you definitely are taking this too far in my view.






share|improve this answer




















  • 3





    "You simply create more work for yourselves and incur unnecessary costs for your company." - and security liabilities. Does your JSON encoder crash with a stack overflow if you give it a recursive object? Does your parser handle escaped characters correctly? Does it reject unescaped characters that it should? How about unpaired surrogate characters? Does it overflow when the JSON encodes a number larger than 2^64? Or is it just a tiny eval wrapper with some sanity checks that are easily bypassed?

    – John Dvorak
    14 hours ago






  • 2





    "The most restrictive set of APIs for .NET is achieved by creating a portable class library that targets Windows Phone and Silverlight." I'll go out on a limb and claim that there's at least some APIs in that subset that are not supported by all possible implementations that ever existed (and nobody cares about WinPhone or Silvernight any more, not even microsoft). Using .NetStandard 2.0 as a target for a modern framework seems very prudent and not particularly limiting. Updating to 2.1 is a different story but there's no indication that they'd do so.

    – Voo
    14 hours ago


















37















We are forced to stay on the lowest API level of the framework (.net standard). The reasoning behind this is that a new platform could one day arrive that only supports that very low API level.




The reasoning here is rather backwards. Older, lower API levels are more likely to become obsolete and unsupported than newer ones. While I agree that staying a comfortable way behind the "cutting edge" is sensible to ensure a reasonable level of compatibility in the scenario you mention, never moving forward is beyond extreme.




We have implemented our own components for (de)serializing JSON, and are in the process of doing the same for JWT. This is available in a higher level of the framework API.
We have implemented a wrapper around the HTTP framework of the standard library because we don't want to take a dependency on the HTTP impelemntation of the standard library.
All of the code for mapping to/from XML is written "by hand", again for the same reason.




This is madness. Even if you don't want to use standard library functions for whatever reason, open source libraries exist with commercially compatible licenses that do all of the above. They've already been written, extensively tested from a functionality, security and API design point of view, and used extensively in many other projects.



If the worst happens and that project goes away, or stops being maintained, then you've got the code to build the library anyway, and you assign someone to maintain it. And you're likely still in a much better position than if you'd rolled your own, since in reality you'll have more tested, cleaner, more maintainable code to look after.



In the much more likely scenario that the project is maintained, and bugs or exploits are found in those libraries, you'll know about them so can do something about it - such as upgrading to a newer version free of charge, or patching your version with the fix if you've taken a copy.






share|improve this answer


















  • 1





    And even if you can't, switching to another library is still easier and better than rolling your own.

    – Lightness Races in Orbit
    6 hours ago






  • 2





    Excellent point that lower level stuff dies faster. That's the whole point of establishing abstractions.

    – Lightness Races in Orbit
    6 hours ago


















11














On the whole these things are good for your customers. Even a popular open source library might be impossible for them to use for some reason.



For example, they may have signed a contract with their customers promising not to use open source products.



However, as you point out, these features are not without cost.



  • Time to market

  • Size of package

  • Performance

I would raise these downsides and talk with customers to find out if they really need the uber levels of compatibility you are offering.



If all the customers already use Json.NET for example, then using it in your product rather than your own deserialisation code, reduces its size and improves it.



If you introduce a second version of your product, one which uses third-party libraries as well as a compatible one you could judge the uptake on both. Will customers use the third parties to get the latest features a bit earlier, or stick with the 'compatible' version?






share|improve this answer




















  • 9





    Yes I obviously agree, and I would add "security" to your list. There's some potential that you might introduce a vulnerability in your code, especially with things like JSON/JWT, compared to well tested frameworks and definitely the standard library.

    – Bertus
    yesterday











  • Yes, its hard to make the list because obviously things like security and performance could go both ways. But there is an obvious conflict of interest between finishing features and insuring internal components are fully featured/understood

    – Ewan
    yesterday






  • 7





    "they may have signed a contract with their customers promising not to use open source products" - they're using .NET Standard, which is open source. It's a bad idea to sign that contract when you're basing your entire product on an open source framework.

    – Stephen
    yesterday











  • And still people do it

    – Ewan
    yesterday


















5














Short answer is that you should start introducing third-party dependencies. During your next stand-up meeting, tell everyone that the next week at work will be the most fun they have had in years -- they'll replace the JSON and XML components with open source, standard libraries solutions. Tell everyone that they have three days to replace the JSON component. Celebrate after it's done. Have a party. This is worth celebrating.






share|improve this answer








New contributor




Double Vision Stout Fat Heavy is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.




















  • This may be tongue in cheek but it's not unrealistic. I joined a company where a "senior" dev (senior by education only) had tasked a junior dev with writing a state machine library. It had five developer-months in it and it was still buggy, so I ripped it out and replaced it with a turnkey solution in a matter of a couple days.

    – TKK
    7 hours ago


















0














Basically it all comes down to effort vs. risk.



By adding an additional dependency or update your framework or use higher level API, you lower your effort but you take up risk. So I would suggest doing a SWOT analysis.



  • Strengths: Less effort, because you don't have to code it yourself.

  • Weaknesses: It's not as custom designed for your special needs as a handcrafted solution.

  • Opportunities: Time to market is smaller. You might profit from external developments.

  • Threats: You might upset customers with additional dependencies.

As you can see the additional effort to develop a handcrafted solution is an investment into lowering your threats. Now you can make a strategic decision.






share|improve this answer























    Your Answer








    StackExchange.ready(function()
    var channelOptions =
    tags: "".split(" "),
    id: "131"
    ;
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function()
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled)
    StackExchange.using("snippets", function()
    createEditor();
    );

    else
    createEditor();

    );

    function createEditor()
    StackExchange.prepareEditor(
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: false,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: null,
    bindNavPrevention: true,
    postfix: "",
    imageUploader:
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    ,
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    );



    );






    Bertus is a new contributor. Be nice, and check out our Code of Conduct.









    draft saved

    draft discarded


















    StackExchange.ready(
    function ()
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsoftwareengineering.stackexchange.com%2fquestions%2f389972%2fhow-to-deal-with-fear-of-taking-dependencies%23new-answer', 'question_page');

    );

    Post as a guest















    Required, but never shown

























    5 Answers
    5






    active

    oldest

    votes








    5 Answers
    5






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    73















    ... We are forced to stay on the lowest API level of the framework (.NET Standard) …




    This to me highlights the fact that, not only are you potentially restricting yourselves too much, you may also be heading for a nasty fall with your approach.



    .NET Standard is not, and never will be "the lowest API level of the framework". The most restrictive set of APIs for .NET is achieved by creating a portable class library that targets Windows Phone and Silverlight.



    Depending on which version of .NET Standard you are targeting, you can end up with a very rich set of APIs that are compatible with .NET Framework, .NET Core, Mono, and Xamarin. And there are many third-party libraries that are .NET Standard compatible that will therefore work on all these platforms.



    Then there is .NET Standard 2.1, likely to be released in the Autumn of 2019. It will be supported by .NET Core, Mono and Xamarin. It will not be supported by any version of the .NET Framework, at least for the foreseeable future, and quite likely always. So in the near future, far from being "the lowest API level of the framework", .NET Standard will supersede the framework and have APIs that aren't supported by the latter.



    So be very careful with "The reasoning behind this is that a new platform could one day arrive that only supports that very low API level" as it's quite likely that new platforms will in fact support a higher level API than the old framework does.



    Then there's the issue of third-party libraries. JSON.NET for example is compatible with .NET Standard. Any library compatible with .NET Standard is guaranteed - API-wise - to work with all .NET implementations that are compatible with that version of .NET Standard. So you achieve no additional compatibility by not using it and creating your JSON library. You simply create more work for yourselves and incur unnecessary costs for your company.



    So yes, you definitely are taking this too far in my view.






    share|improve this answer




















    • 3





      "You simply create more work for yourselves and incur unnecessary costs for your company." - and security liabilities. Does your JSON encoder crash with a stack overflow if you give it a recursive object? Does your parser handle escaped characters correctly? Does it reject unescaped characters that it should? How about unpaired surrogate characters? Does it overflow when the JSON encodes a number larger than 2^64? Or is it just a tiny eval wrapper with some sanity checks that are easily bypassed?

      – John Dvorak
      14 hours ago






    • 2





      "The most restrictive set of APIs for .NET is achieved by creating a portable class library that targets Windows Phone and Silverlight." I'll go out on a limb and claim that there's at least some APIs in that subset that are not supported by all possible implementations that ever existed (and nobody cares about WinPhone or Silvernight any more, not even microsoft). Using .NetStandard 2.0 as a target for a modern framework seems very prudent and not particularly limiting. Updating to 2.1 is a different story but there's no indication that they'd do so.

      – Voo
      14 hours ago















    73















    ... We are forced to stay on the lowest API level of the framework (.NET Standard) …




    This to me highlights the fact that, not only are you potentially restricting yourselves too much, you may also be heading for a nasty fall with your approach.



    .NET Standard is not, and never will be "the lowest API level of the framework". The most restrictive set of APIs for .NET is achieved by creating a portable class library that targets Windows Phone and Silverlight.



    Depending on which version of .NET Standard you are targeting, you can end up with a very rich set of APIs that are compatible with .NET Framework, .NET Core, Mono, and Xamarin. And there are many third-party libraries that are .NET Standard compatible that will therefore work on all these platforms.



    Then there is .NET Standard 2.1, likely to be released in the Autumn of 2019. It will be supported by .NET Core, Mono and Xamarin. It will not be supported by any version of the .NET Framework, at least for the foreseeable future, and quite likely always. So in the near future, far from being "the lowest API level of the framework", .NET Standard will supersede the framework and have APIs that aren't supported by the latter.



    So be very careful with "The reasoning behind this is that a new platform could one day arrive that only supports that very low API level" as it's quite likely that new platforms will in fact support a higher level API than the old framework does.



    Then there's the issue of third-party libraries. JSON.NET for example is compatible with .NET Standard. Any library compatible with .NET Standard is guaranteed - API-wise - to work with all .NET implementations that are compatible with that version of .NET Standard. So you achieve no additional compatibility by not using it and creating your JSON library. You simply create more work for yourselves and incur unnecessary costs for your company.



    So yes, you definitely are taking this too far in my view.






    share|improve this answer




















    • 3





      "You simply create more work for yourselves and incur unnecessary costs for your company." - and security liabilities. Does your JSON encoder crash with a stack overflow if you give it a recursive object? Does your parser handle escaped characters correctly? Does it reject unescaped characters that it should? How about unpaired surrogate characters? Does it overflow when the JSON encodes a number larger than 2^64? Or is it just a tiny eval wrapper with some sanity checks that are easily bypassed?

      – John Dvorak
      14 hours ago






    • 2





      "The most restrictive set of APIs for .NET is achieved by creating a portable class library that targets Windows Phone and Silverlight." I'll go out on a limb and claim that there's at least some APIs in that subset that are not supported by all possible implementations that ever existed (and nobody cares about WinPhone or Silvernight any more, not even microsoft). Using .NetStandard 2.0 as a target for a modern framework seems very prudent and not particularly limiting. Updating to 2.1 is a different story but there's no indication that they'd do so.

      – Voo
      14 hours ago













    73












    73








    73








    ... We are forced to stay on the lowest API level of the framework (.NET Standard) …




    This to me highlights the fact that, not only are you potentially restricting yourselves too much, you may also be heading for a nasty fall with your approach.



    .NET Standard is not, and never will be "the lowest API level of the framework". The most restrictive set of APIs for .NET is achieved by creating a portable class library that targets Windows Phone and Silverlight.



    Depending on which version of .NET Standard you are targeting, you can end up with a very rich set of APIs that are compatible with .NET Framework, .NET Core, Mono, and Xamarin. And there are many third-party libraries that are .NET Standard compatible that will therefore work on all these platforms.



    Then there is .NET Standard 2.1, likely to be released in the Autumn of 2019. It will be supported by .NET Core, Mono and Xamarin. It will not be supported by any version of the .NET Framework, at least for the foreseeable future, and quite likely always. So in the near future, far from being "the lowest API level of the framework", .NET Standard will supersede the framework and have APIs that aren't supported by the latter.



    So be very careful with "The reasoning behind this is that a new platform could one day arrive that only supports that very low API level" as it's quite likely that new platforms will in fact support a higher level API than the old framework does.



    Then there's the issue of third-party libraries. JSON.NET for example is compatible with .NET Standard. Any library compatible with .NET Standard is guaranteed - API-wise - to work with all .NET implementations that are compatible with that version of .NET Standard. So you achieve no additional compatibility by not using it and creating your JSON library. You simply create more work for yourselves and incur unnecessary costs for your company.



    So yes, you definitely are taking this too far in my view.






    share|improve this answer
















    ... We are forced to stay on the lowest API level of the framework (.NET Standard) …




    This to me highlights the fact that, not only are you potentially restricting yourselves too much, you may also be heading for a nasty fall with your approach.



    .NET Standard is not, and never will be "the lowest API level of the framework". The most restrictive set of APIs for .NET is achieved by creating a portable class library that targets Windows Phone and Silverlight.



    Depending on which version of .NET Standard you are targeting, you can end up with a very rich set of APIs that are compatible with .NET Framework, .NET Core, Mono, and Xamarin. And there are many third-party libraries that are .NET Standard compatible that will therefore work on all these platforms.



    Then there is .NET Standard 2.1, likely to be released in the Autumn of 2019. It will be supported by .NET Core, Mono and Xamarin. It will not be supported by any version of the .NET Framework, at least for the foreseeable future, and quite likely always. So in the near future, far from being "the lowest API level of the framework", .NET Standard will supersede the framework and have APIs that aren't supported by the latter.



    So be very careful with "The reasoning behind this is that a new platform could one day arrive that only supports that very low API level" as it's quite likely that new platforms will in fact support a higher level API than the old framework does.



    Then there's the issue of third-party libraries. JSON.NET for example is compatible with .NET Standard. Any library compatible with .NET Standard is guaranteed - API-wise - to work with all .NET implementations that are compatible with that version of .NET Standard. So you achieve no additional compatibility by not using it and creating your JSON library. You simply create more work for yourselves and incur unnecessary costs for your company.



    So yes, you definitely are taking this too far in my view.







    share|improve this answer














    share|improve this answer



    share|improve this answer








    edited 16 hours ago









    Peter Mortensen

    1,11521114




    1,11521114










    answered yesterday









    David ArnoDavid Arno

    29.2k75894




    29.2k75894







    • 3





      "You simply create more work for yourselves and incur unnecessary costs for your company." - and security liabilities. Does your JSON encoder crash with a stack overflow if you give it a recursive object? Does your parser handle escaped characters correctly? Does it reject unescaped characters that it should? How about unpaired surrogate characters? Does it overflow when the JSON encodes a number larger than 2^64? Or is it just a tiny eval wrapper with some sanity checks that are easily bypassed?

      – John Dvorak
      14 hours ago






    • 2





      "The most restrictive set of APIs for .NET is achieved by creating a portable class library that targets Windows Phone and Silverlight." I'll go out on a limb and claim that there's at least some APIs in that subset that are not supported by all possible implementations that ever existed (and nobody cares about WinPhone or Silvernight any more, not even microsoft). Using .NetStandard 2.0 as a target for a modern framework seems very prudent and not particularly limiting. Updating to 2.1 is a different story but there's no indication that they'd do so.

      – Voo
      14 hours ago












    • 3





      "You simply create more work for yourselves and incur unnecessary costs for your company." - and security liabilities. Does your JSON encoder crash with a stack overflow if you give it a recursive object? Does your parser handle escaped characters correctly? Does it reject unescaped characters that it should? How about unpaired surrogate characters? Does it overflow when the JSON encodes a number larger than 2^64? Or is it just a tiny eval wrapper with some sanity checks that are easily bypassed?

      – John Dvorak
      14 hours ago






    • 2





      "The most restrictive set of APIs for .NET is achieved by creating a portable class library that targets Windows Phone and Silverlight." I'll go out on a limb and claim that there's at least some APIs in that subset that are not supported by all possible implementations that ever existed (and nobody cares about WinPhone or Silvernight any more, not even microsoft). Using .NetStandard 2.0 as a target for a modern framework seems very prudent and not particularly limiting. Updating to 2.1 is a different story but there's no indication that they'd do so.

      – Voo
      14 hours ago







    3




    3





    "You simply create more work for yourselves and incur unnecessary costs for your company." - and security liabilities. Does your JSON encoder crash with a stack overflow if you give it a recursive object? Does your parser handle escaped characters correctly? Does it reject unescaped characters that it should? How about unpaired surrogate characters? Does it overflow when the JSON encodes a number larger than 2^64? Or is it just a tiny eval wrapper with some sanity checks that are easily bypassed?

    – John Dvorak
    14 hours ago





    "You simply create more work for yourselves and incur unnecessary costs for your company." - and security liabilities. Does your JSON encoder crash with a stack overflow if you give it a recursive object? Does your parser handle escaped characters correctly? Does it reject unescaped characters that it should? How about unpaired surrogate characters? Does it overflow when the JSON encodes a number larger than 2^64? Or is it just a tiny eval wrapper with some sanity checks that are easily bypassed?

    – John Dvorak
    14 hours ago




    2




    2





    "The most restrictive set of APIs for .NET is achieved by creating a portable class library that targets Windows Phone and Silverlight." I'll go out on a limb and claim that there's at least some APIs in that subset that are not supported by all possible implementations that ever existed (and nobody cares about WinPhone or Silvernight any more, not even microsoft). Using .NetStandard 2.0 as a target for a modern framework seems very prudent and not particularly limiting. Updating to 2.1 is a different story but there's no indication that they'd do so.

    – Voo
    14 hours ago





    "The most restrictive set of APIs for .NET is achieved by creating a portable class library that targets Windows Phone and Silverlight." I'll go out on a limb and claim that there's at least some APIs in that subset that are not supported by all possible implementations that ever existed (and nobody cares about WinPhone or Silvernight any more, not even microsoft). Using .NetStandard 2.0 as a target for a modern framework seems very prudent and not particularly limiting. Updating to 2.1 is a different story but there's no indication that they'd do so.

    – Voo
    14 hours ago













    37















    We are forced to stay on the lowest API level of the framework (.net standard). The reasoning behind this is that a new platform could one day arrive that only supports that very low API level.




    The reasoning here is rather backwards. Older, lower API levels are more likely to become obsolete and unsupported than newer ones. While I agree that staying a comfortable way behind the "cutting edge" is sensible to ensure a reasonable level of compatibility in the scenario you mention, never moving forward is beyond extreme.




    We have implemented our own components for (de)serializing JSON, and are in the process of doing the same for JWT. This is available in a higher level of the framework API.
    We have implemented a wrapper around the HTTP framework of the standard library because we don't want to take a dependency on the HTTP impelemntation of the standard library.
    All of the code for mapping to/from XML is written "by hand", again for the same reason.




    This is madness. Even if you don't want to use standard library functions for whatever reason, open source libraries exist with commercially compatible licenses that do all of the above. They've already been written, extensively tested from a functionality, security and API design point of view, and used extensively in many other projects.



    If the worst happens and that project goes away, or stops being maintained, then you've got the code to build the library anyway, and you assign someone to maintain it. And you're likely still in a much better position than if you'd rolled your own, since in reality you'll have more tested, cleaner, more maintainable code to look after.



    In the much more likely scenario that the project is maintained, and bugs or exploits are found in those libraries, you'll know about them so can do something about it - such as upgrading to a newer version free of charge, or patching your version with the fix if you've taken a copy.






    share|improve this answer


















    • 1





      And even if you can't, switching to another library is still easier and better than rolling your own.

      – Lightness Races in Orbit
      6 hours ago






    • 2





      Excellent point that lower level stuff dies faster. That's the whole point of establishing abstractions.

      – Lightness Races in Orbit
      6 hours ago















    37















    We are forced to stay on the lowest API level of the framework (.net standard). The reasoning behind this is that a new platform could one day arrive that only supports that very low API level.




    The reasoning here is rather backwards. Older, lower API levels are more likely to become obsolete and unsupported than newer ones. While I agree that staying a comfortable way behind the "cutting edge" is sensible to ensure a reasonable level of compatibility in the scenario you mention, never moving forward is beyond extreme.




    We have implemented our own components for (de)serializing JSON, and are in the process of doing the same for JWT. This is available in a higher level of the framework API.
    We have implemented a wrapper around the HTTP framework of the standard library because we don't want to take a dependency on the HTTP impelemntation of the standard library.
    All of the code for mapping to/from XML is written "by hand", again for the same reason.




    This is madness. Even if you don't want to use standard library functions for whatever reason, open source libraries exist with commercially compatible licenses that do all of the above. They've already been written, extensively tested from a functionality, security and API design point of view, and used extensively in many other projects.



    If the worst happens and that project goes away, or stops being maintained, then you've got the code to build the library anyway, and you assign someone to maintain it. And you're likely still in a much better position than if you'd rolled your own, since in reality you'll have more tested, cleaner, more maintainable code to look after.



    In the much more likely scenario that the project is maintained, and bugs or exploits are found in those libraries, you'll know about them so can do something about it - such as upgrading to a newer version free of charge, or patching your version with the fix if you've taken a copy.






    share|improve this answer


















    • 1





      And even if you can't, switching to another library is still easier and better than rolling your own.

      – Lightness Races in Orbit
      6 hours ago






    • 2





      Excellent point that lower level stuff dies faster. That's the whole point of establishing abstractions.

      – Lightness Races in Orbit
      6 hours ago













    37












    37








    37








    We are forced to stay on the lowest API level of the framework (.net standard). The reasoning behind this is that a new platform could one day arrive that only supports that very low API level.




    The reasoning here is rather backwards. Older, lower API levels are more likely to become obsolete and unsupported than newer ones. While I agree that staying a comfortable way behind the "cutting edge" is sensible to ensure a reasonable level of compatibility in the scenario you mention, never moving forward is beyond extreme.




    We have implemented our own components for (de)serializing JSON, and are in the process of doing the same for JWT. This is available in a higher level of the framework API.
    We have implemented a wrapper around the HTTP framework of the standard library because we don't want to take a dependency on the HTTP impelemntation of the standard library.
    All of the code for mapping to/from XML is written "by hand", again for the same reason.




    This is madness. Even if you don't want to use standard library functions for whatever reason, open source libraries exist with commercially compatible licenses that do all of the above. They've already been written, extensively tested from a functionality, security and API design point of view, and used extensively in many other projects.



    If the worst happens and that project goes away, or stops being maintained, then you've got the code to build the library anyway, and you assign someone to maintain it. And you're likely still in a much better position than if you'd rolled your own, since in reality you'll have more tested, cleaner, more maintainable code to look after.



    In the much more likely scenario that the project is maintained, and bugs or exploits are found in those libraries, you'll know about them so can do something about it - such as upgrading to a newer version free of charge, or patching your version with the fix if you've taken a copy.






    share|improve this answer














    We are forced to stay on the lowest API level of the framework (.net standard). The reasoning behind this is that a new platform could one day arrive that only supports that very low API level.




    The reasoning here is rather backwards. Older, lower API levels are more likely to become obsolete and unsupported than newer ones. While I agree that staying a comfortable way behind the "cutting edge" is sensible to ensure a reasonable level of compatibility in the scenario you mention, never moving forward is beyond extreme.




    We have implemented our own components for (de)serializing JSON, and are in the process of doing the same for JWT. This is available in a higher level of the framework API.
    We have implemented a wrapper around the HTTP framework of the standard library because we don't want to take a dependency on the HTTP impelemntation of the standard library.
    All of the code for mapping to/from XML is written "by hand", again for the same reason.




    This is madness. Even if you don't want to use standard library functions for whatever reason, open source libraries exist with commercially compatible licenses that do all of the above. They've already been written, extensively tested from a functionality, security and API design point of view, and used extensively in many other projects.



    If the worst happens and that project goes away, or stops being maintained, then you've got the code to build the library anyway, and you assign someone to maintain it. And you're likely still in a much better position than if you'd rolled your own, since in reality you'll have more tested, cleaner, more maintainable code to look after.



    In the much more likely scenario that the project is maintained, and bugs or exploits are found in those libraries, you'll know about them so can do something about it - such as upgrading to a newer version free of charge, or patching your version with the fix if you've taken a copy.







    share|improve this answer












    share|improve this answer



    share|improve this answer










    answered yesterday









    berry120berry120

    1,5421317




    1,5421317







    • 1





      And even if you can't, switching to another library is still easier and better than rolling your own.

      – Lightness Races in Orbit
      6 hours ago






    • 2





      Excellent point that lower level stuff dies faster. That's the whole point of establishing abstractions.

      – Lightness Races in Orbit
      6 hours ago












    • 1





      And even if you can't, switching to another library is still easier and better than rolling your own.

      – Lightness Races in Orbit
      6 hours ago






    • 2





      Excellent point that lower level stuff dies faster. That's the whole point of establishing abstractions.

      – Lightness Races in Orbit
      6 hours ago







    1




    1





    And even if you can't, switching to another library is still easier and better than rolling your own.

    – Lightness Races in Orbit
    6 hours ago





    And even if you can't, switching to another library is still easier and better than rolling your own.

    – Lightness Races in Orbit
    6 hours ago




    2




    2





    Excellent point that lower level stuff dies faster. That's the whole point of establishing abstractions.

    – Lightness Races in Orbit
    6 hours ago





    Excellent point that lower level stuff dies faster. That's the whole point of establishing abstractions.

    – Lightness Races in Orbit
    6 hours ago











    11














    On the whole these things are good for your customers. Even a popular open source library might be impossible for them to use for some reason.



    For example, they may have signed a contract with their customers promising not to use open source products.



    However, as you point out, these features are not without cost.



    • Time to market

    • Size of package

    • Performance

    I would raise these downsides and talk with customers to find out if they really need the uber levels of compatibility you are offering.



    If all the customers already use Json.NET for example, then using it in your product rather than your own deserialisation code, reduces its size and improves it.



    If you introduce a second version of your product, one which uses third-party libraries as well as a compatible one you could judge the uptake on both. Will customers use the third parties to get the latest features a bit earlier, or stick with the 'compatible' version?






    share|improve this answer




















    • 9





      Yes I obviously agree, and I would add "security" to your list. There's some potential that you might introduce a vulnerability in your code, especially with things like JSON/JWT, compared to well tested frameworks and definitely the standard library.

      – Bertus
      yesterday











    • Yes, its hard to make the list because obviously things like security and performance could go both ways. But there is an obvious conflict of interest between finishing features and insuring internal components are fully featured/understood

      – Ewan
      yesterday






    • 7





      "they may have signed a contract with their customers promising not to use open source products" - they're using .NET Standard, which is open source. It's a bad idea to sign that contract when you're basing your entire product on an open source framework.

      – Stephen
      yesterday











    • And still people do it

      – Ewan
      yesterday















    11














    On the whole these things are good for your customers. Even a popular open source library might be impossible for them to use for some reason.



    For example, they may have signed a contract with their customers promising not to use open source products.



    However, as you point out, these features are not without cost.



    • Time to market

    • Size of package

    • Performance

    I would raise these downsides and talk with customers to find out if they really need the uber levels of compatibility you are offering.



    If all the customers already use Json.NET for example, then using it in your product rather than your own deserialisation code, reduces its size and improves it.



    If you introduce a second version of your product, one which uses third-party libraries as well as a compatible one you could judge the uptake on both. Will customers use the third parties to get the latest features a bit earlier, or stick with the 'compatible' version?






    share|improve this answer




















    • 9





      Yes I obviously agree, and I would add "security" to your list. There's some potential that you might introduce a vulnerability in your code, especially with things like JSON/JWT, compared to well tested frameworks and definitely the standard library.

      – Bertus
      yesterday











    • Yes, its hard to make the list because obviously things like security and performance could go both ways. But there is an obvious conflict of interest between finishing features and insuring internal components are fully featured/understood

      – Ewan
      yesterday






    • 7





      "they may have signed a contract with their customers promising not to use open source products" - they're using .NET Standard, which is open source. It's a bad idea to sign that contract when you're basing your entire product on an open source framework.

      – Stephen
      yesterday











    • And still people do it

      – Ewan
      yesterday













    11












    11








    11







    On the whole these things are good for your customers. Even a popular open source library might be impossible for them to use for some reason.



    For example, they may have signed a contract with their customers promising not to use open source products.



    However, as you point out, these features are not without cost.



    • Time to market

    • Size of package

    • Performance

    I would raise these downsides and talk with customers to find out if they really need the uber levels of compatibility you are offering.



    If all the customers already use Json.NET for example, then using it in your product rather than your own deserialisation code, reduces its size and improves it.



    If you introduce a second version of your product, one which uses third-party libraries as well as a compatible one you could judge the uptake on both. Will customers use the third parties to get the latest features a bit earlier, or stick with the 'compatible' version?






    share|improve this answer















    On the whole these things are good for your customers. Even a popular open source library might be impossible for them to use for some reason.



    For example, they may have signed a contract with their customers promising not to use open source products.



    However, as you point out, these features are not without cost.



    • Time to market

    • Size of package

    • Performance

    I would raise these downsides and talk with customers to find out if they really need the uber levels of compatibility you are offering.



    If all the customers already use Json.NET for example, then using it in your product rather than your own deserialisation code, reduces its size and improves it.



    If you introduce a second version of your product, one which uses third-party libraries as well as a compatible one you could judge the uptake on both. Will customers use the third parties to get the latest features a bit earlier, or stick with the 'compatible' version?







    share|improve this answer














    share|improve this answer



    share|improve this answer








    edited 14 hours ago









    Peter Mortensen

    1,11521114




    1,11521114










    answered yesterday









    EwanEwan

    43.6k33698




    43.6k33698







    • 9





      Yes I obviously agree, and I would add "security" to your list. There's some potential that you might introduce a vulnerability in your code, especially with things like JSON/JWT, compared to well tested frameworks and definitely the standard library.

      – Bertus
      yesterday











    • Yes, its hard to make the list because obviously things like security and performance could go both ways. But there is an obvious conflict of interest between finishing features and insuring internal components are fully featured/understood

      – Ewan
      yesterday






    • 7





      "they may have signed a contract with their customers promising not to use open source products" - they're using .NET Standard, which is open source. It's a bad idea to sign that contract when you're basing your entire product on an open source framework.

      – Stephen
      yesterday











    • And still people do it

      – Ewan
      yesterday












    • 9





      Yes I obviously agree, and I would add "security" to your list. There's some potential that you might introduce a vulnerability in your code, especially with things like JSON/JWT, compared to well tested frameworks and definitely the standard library.

      – Bertus
      yesterday











    • Yes, its hard to make the list because obviously things like security and performance could go both ways. But there is an obvious conflict of interest between finishing features and insuring internal components are fully featured/understood

      – Ewan
      yesterday






    • 7





      "they may have signed a contract with their customers promising not to use open source products" - they're using .NET Standard, which is open source. It's a bad idea to sign that contract when you're basing your entire product on an open source framework.

      – Stephen
      yesterday











    • And still people do it

      – Ewan
      yesterday







    9




    9





    Yes I obviously agree, and I would add "security" to your list. There's some potential that you might introduce a vulnerability in your code, especially with things like JSON/JWT, compared to well tested frameworks and definitely the standard library.

    – Bertus
    yesterday





    Yes I obviously agree, and I would add "security" to your list. There's some potential that you might introduce a vulnerability in your code, especially with things like JSON/JWT, compared to well tested frameworks and definitely the standard library.

    – Bertus
    yesterday













    Yes, its hard to make the list because obviously things like security and performance could go both ways. But there is an obvious conflict of interest between finishing features and insuring internal components are fully featured/understood

    – Ewan
    yesterday





    Yes, its hard to make the list because obviously things like security and performance could go both ways. But there is an obvious conflict of interest between finishing features and insuring internal components are fully featured/understood

    – Ewan
    yesterday




    7




    7





    "they may have signed a contract with their customers promising not to use open source products" - they're using .NET Standard, which is open source. It's a bad idea to sign that contract when you're basing your entire product on an open source framework.

    – Stephen
    yesterday





    "they may have signed a contract with their customers promising not to use open source products" - they're using .NET Standard, which is open source. It's a bad idea to sign that contract when you're basing your entire product on an open source framework.

    – Stephen
    yesterday













    And still people do it

    – Ewan
    yesterday





    And still people do it

    – Ewan
    yesterday











    5














    Short answer is that you should start introducing third-party dependencies. During your next stand-up meeting, tell everyone that the next week at work will be the most fun they have had in years -- they'll replace the JSON and XML components with open source, standard libraries solutions. Tell everyone that they have three days to replace the JSON component. Celebrate after it's done. Have a party. This is worth celebrating.






    share|improve this answer








    New contributor




    Double Vision Stout Fat Heavy is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
    Check out our Code of Conduct.




















    • This may be tongue in cheek but it's not unrealistic. I joined a company where a "senior" dev (senior by education only) had tasked a junior dev with writing a state machine library. It had five developer-months in it and it was still buggy, so I ripped it out and replaced it with a turnkey solution in a matter of a couple days.

      – TKK
      7 hours ago















    5














    Short answer is that you should start introducing third-party dependencies. During your next stand-up meeting, tell everyone that the next week at work will be the most fun they have had in years -- they'll replace the JSON and XML components with open source, standard libraries solutions. Tell everyone that they have three days to replace the JSON component. Celebrate after it's done. Have a party. This is worth celebrating.






    share|improve this answer








    New contributor




    Double Vision Stout Fat Heavy is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
    Check out our Code of Conduct.




















    • This may be tongue in cheek but it's not unrealistic. I joined a company where a "senior" dev (senior by education only) had tasked a junior dev with writing a state machine library. It had five developer-months in it and it was still buggy, so I ripped it out and replaced it with a turnkey solution in a matter of a couple days.

      – TKK
      7 hours ago













    5












    5








    5







    Short answer is that you should start introducing third-party dependencies. During your next stand-up meeting, tell everyone that the next week at work will be the most fun they have had in years -- they'll replace the JSON and XML components with open source, standard libraries solutions. Tell everyone that they have three days to replace the JSON component. Celebrate after it's done. Have a party. This is worth celebrating.






    share|improve this answer








    New contributor




    Double Vision Stout Fat Heavy is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
    Check out our Code of Conduct.










    Short answer is that you should start introducing third-party dependencies. During your next stand-up meeting, tell everyone that the next week at work will be the most fun they have had in years -- they'll replace the JSON and XML components with open source, standard libraries solutions. Tell everyone that they have three days to replace the JSON component. Celebrate after it's done. Have a party. This is worth celebrating.







    share|improve this answer








    New contributor




    Double Vision Stout Fat Heavy is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
    Check out our Code of Conduct.









    share|improve this answer



    share|improve this answer






    New contributor




    Double Vision Stout Fat Heavy is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
    Check out our Code of Conduct.









    answered yesterday









    Double Vision Stout Fat HeavyDouble Vision Stout Fat Heavy

    592




    592




    New contributor




    Double Vision Stout Fat Heavy is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
    Check out our Code of Conduct.





    New contributor





    Double Vision Stout Fat Heavy is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
    Check out our Code of Conduct.






    Double Vision Stout Fat Heavy is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
    Check out our Code of Conduct.












    • This may be tongue in cheek but it's not unrealistic. I joined a company where a "senior" dev (senior by education only) had tasked a junior dev with writing a state machine library. It had five developer-months in it and it was still buggy, so I ripped it out and replaced it with a turnkey solution in a matter of a couple days.

      – TKK
      7 hours ago

















    • This may be tongue in cheek but it's not unrealistic. I joined a company where a "senior" dev (senior by education only) had tasked a junior dev with writing a state machine library. It had five developer-months in it and it was still buggy, so I ripped it out and replaced it with a turnkey solution in a matter of a couple days.

      – TKK
      7 hours ago
















    This may be tongue in cheek but it's not unrealistic. I joined a company where a "senior" dev (senior by education only) had tasked a junior dev with writing a state machine library. It had five developer-months in it and it was still buggy, so I ripped it out and replaced it with a turnkey solution in a matter of a couple days.

    – TKK
    7 hours ago





    This may be tongue in cheek but it's not unrealistic. I joined a company where a "senior" dev (senior by education only) had tasked a junior dev with writing a state machine library. It had five developer-months in it and it was still buggy, so I ripped it out and replaced it with a turnkey solution in a matter of a couple days.

    – TKK
    7 hours ago











    0














    Basically it all comes down to effort vs. risk.



    By adding an additional dependency or update your framework or use higher level API, you lower your effort but you take up risk. So I would suggest doing a SWOT analysis.



    • Strengths: Less effort, because you don't have to code it yourself.

    • Weaknesses: It's not as custom designed for your special needs as a handcrafted solution.

    • Opportunities: Time to market is smaller. You might profit from external developments.

    • Threats: You might upset customers with additional dependencies.

    As you can see the additional effort to develop a handcrafted solution is an investment into lowering your threats. Now you can make a strategic decision.






    share|improve this answer



























      0














      Basically it all comes down to effort vs. risk.



      By adding an additional dependency or update your framework or use higher level API, you lower your effort but you take up risk. So I would suggest doing a SWOT analysis.



      • Strengths: Less effort, because you don't have to code it yourself.

      • Weaknesses: It's not as custom designed for your special needs as a handcrafted solution.

      • Opportunities: Time to market is smaller. You might profit from external developments.

      • Threats: You might upset customers with additional dependencies.

      As you can see the additional effort to develop a handcrafted solution is an investment into lowering your threats. Now you can make a strategic decision.






      share|improve this answer

























        0












        0








        0







        Basically it all comes down to effort vs. risk.



        By adding an additional dependency or update your framework or use higher level API, you lower your effort but you take up risk. So I would suggest doing a SWOT analysis.



        • Strengths: Less effort, because you don't have to code it yourself.

        • Weaknesses: It's not as custom designed for your special needs as a handcrafted solution.

        • Opportunities: Time to market is smaller. You might profit from external developments.

        • Threats: You might upset customers with additional dependencies.

        As you can see the additional effort to develop a handcrafted solution is an investment into lowering your threats. Now you can make a strategic decision.






        share|improve this answer













        Basically it all comes down to effort vs. risk.



        By adding an additional dependency or update your framework or use higher level API, you lower your effort but you take up risk. So I would suggest doing a SWOT analysis.



        • Strengths: Less effort, because you don't have to code it yourself.

        • Weaknesses: It's not as custom designed for your special needs as a handcrafted solution.

        • Opportunities: Time to market is smaller. You might profit from external developments.

        • Threats: You might upset customers with additional dependencies.

        As you can see the additional effort to develop a handcrafted solution is an investment into lowering your threats. Now you can make a strategic decision.







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered yesterday









        Dominic HoferDominic Hofer

        1243




        1243




















            Bertus is a new contributor. Be nice, and check out our Code of Conduct.









            draft saved

            draft discarded


















            Bertus is a new contributor. Be nice, and check out our Code of Conduct.












            Bertus is a new contributor. Be nice, and check out our Code of Conduct.











            Bertus is a new contributor. Be nice, and check out our Code of Conduct.














            Thanks for contributing an answer to Software Engineering Stack Exchange!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid


            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.

            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsoftwareengineering.stackexchange.com%2fquestions%2f389972%2fhow-to-deal-with-fear-of-taking-dependencies%23new-answer', 'question_page');

            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            Popular posts from this blog

            Куамањотепек (Чилапа де Алварез) Садржај Становништво Види још Референце Спољашње везе Мени за навигацију17°19′47″N 99°1′51″W / 17.32972° СГШ; 99.03083° ЗГД / 17.32972; -99.0308317°19′47″N 99°1′51″W / 17.32972° СГШ; 99.03083° ЗГД / 17.32972; -99.030838877656„Instituto Nacional de Estadística y Geografía”„The GeoNames geographical database”Мексичка насељапроширитиуу

            How to make RAID controller rescan devices The 2019 Stack Overflow Developer Survey Results Are InLSI MegaRAID SAS 9261-8i: Disk isn't recognized after replacementHow to monitor the hard disk status behind Dell PERC H710 Raid Controller with CentOS 6?LSI MegaRAID - Recreate missing RAID 1 arrayext. 2-bay USB-Drive with RAID: btrfs RAID vs built-in RAIDInvalid SAS topologyDoes enabling JBOD mode on LSI based controllers affect existing logical disks/arrays?Why is there a shift between the WWN reported from the controller and the Linux system?Optimal RAID 6+0 Setup for 40+ 4TB DisksAccidental SAS cable removal

            Срби Садржај Географија Етимологија Генетика Историја Језик Религија Популација Познати Срби Види још Напомене Референце Извори Литература Спољашње везе Мени за навигацијууrs.one.un.orgАрхивираноАрхивирано из оригиналаПопис становништва из 2011. годинеCOMMUNITY PROFILE: SERB COMMUNITY„1996 population census in Bosnia and Herzegovina”„CIA - The World Factbook - Bosnia and Herzegovina”American FactFinder - Results„2011 National Household Survey: Data tables”„Srbi u Nemačkoj | Srbi u Njemačkoj | Zentralrat der Serben in Deutschland”оригинала„Vesti online - Srpski informativni portal”„The Serbian Diaspora and Youth: Cross-Border Ties and Opportunities for Development”оригиналаSerben-Demo eskaliert in Wien„The People of Australia – Statistics from the 2011 Census”„Erstmals über eine Million EU- und EFTA Angehörige in der Schweiz”STANOVNIŠTVO PREMA NARODNOSTI – DETALJNA KLASIFIKACIJA – POPIS 2011.(Завод за статистику Црне Горе)title=Présentation de la République de SerbieSerbian | EthnologuePopulation by ethnic affiliation, Slovenia, Census 1953, 1961, 1971, 1981, 1991 and 2002Попис на населението, домаќинствата и становите во Република Македонија, 2002: Дефинитивни податоциALBANIJA ETNIČKI ČISTI SRBE: Iščezlo 100.000 ljudi pokrštavanjem, kao što su to radile ustaše u NDH! | Telegraf – Najnovije vestiИз удаљене Аргентине„Tab11. Populaţia stabilă după etnie şi limba maternă, pe categorii de localităţi”Суседи броје Србе„Srpska Dijaspora”оригиналаMinifacts about Norway 2012„Statistiques - 01.06.2008”ПРЕДСЕДНИК СРБИЈЕ СА СРБИМА У БРАТИСЛАВИСлавка Драшковић: Многа питања Срба у Црној Гори нерешенаThe Spread of the SlavesGoogle Book„Distribution of European Y-chromosome DNA (Y-DNA) haplogroups by country in percentage”American Journal of Physical Anthropology 142:380–390 (2010)„Архивирана копија”оригинала„Haplogroup I2 (Y-DNA)”„Архивирана копија”оригиналаVTS 01 1 - YouTubeПрви сукоби Срба и Турака - Политикин забавникАрхивираноConstantine Porphyrogenitus: De Administrando ImperioВизантиски извори за историју народа ЈугославијеDe conversione Croatorum et Serborum: A Lost SourceDe conversione Croatorum et Serborum: Изгубљени извор Константина ПорфирогенитаИсторија српске државностиИсторија српског народаСрбофобија и њени извориСерска област после Душанове смртиИсторија ВизантијеИсторија средњовековне босанске државеСрби међу европским народимаСрби у средњем векуМедијиПодациууууу00577267