Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Are you afraid of dependencies?

Glen Mailer
July 20, 2017
Technology
0
50

Are you afraid of dependencies?

Glen Mailer

July 20, 2017
Tweet

More Decks by Glen Mailer

See All by Glen Mailer
How to React Appropriately
glenjamin
1
330
Bumping our Stack to PHP 5.5
glenjamin
0
170
Message Queues for Everyone
glenjamin
1
120
Messages queues don't need to be scary.
glenjamin
1
90
Upgrading from PHP 5.3 to 5.5
glenjamin
1
1k

Other Decks in Technology

See All in Technology
ブロックテーマでどう変わる?新しいWordPressのWebサイト制作
tbshiki
0
140
モノリスからの脱却に向けた 物流システムリプレイスの概要紹介 / Towards Decentralized Logistics System Replacement from Monolithic Structure
yumayabe
0
290
【Oracle Cloud ウェビナー】Oracle Databaseはクラウドに移行するべきか否か 全10ケースをご紹介 (2023年5月24日)
oracle4engineer
PRO
1
110
全AWSエンジニアに捧ぐ、CloudWatch 設計・運用 虎の巻 / CloudWatch design and operation bible
iselegant
28
10k
microCMSのエンジニア組織と文化
microcms
0
480
ジェネレーティブAIとの共創
yuyakakizaki08
1
430
Антихрупкость в IT или как полюбить изменения
alexanderbyndyu
0
370
LLMの普及による機械学習の民主化とMLPdMの重要性 / democratization-of-ml-and-importance-of-mlpdm-by-llm
yuya4
2
2.5k
高さ比べじゃない、キャリアは歩んできた道
dzeyelid
0
230
WOFFの紹介
mmclsntr
0
110
ABEMAのRenderScript Intrinsics Replacement Toolkit 導入事例
takahana
0
270
データマイニングと機械学習-SVM
trycycle
0
140

Featured

See All Featured
Six Lessons from altMBA
skipperchong
16
2.5k
Building Better People: How to give real-time feedback that sticks.
wjessup
346
18k
What’s in a name? Adding method to the madness
productmarketing
PRO
14
2.1k
Rails Girls Zürich Keynote
gr2m
89
12k
The Art of Programming - Codeland 2020
erikaheidi
37
11k
The Brand Is Dead. Long Live the Brand.
mthomps
48
3.9k
Three Pipe Problems
jasonvnalue
89
9.1k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
123
29k
GraphQLの誤解/rethinking-graphql
sonatard
41
8.2k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
25
5.3k
Side Projects
sachag
450
38k
How STYLIGHT went responsive
nonsquared
89
4.3k

Transcript

  1. Are you afraid of
    dependencies?
    Glen Mailer
    @glenathan

    View Slide

  2. “This module has no
    dependencies”

    View Slide

  3. Scared

    View Slide

  4. #1
    Small scope
    no dependencies needed

    View Slide

  5. #2
    Afraid of dependencies
    Author wanted to have written
    everything themselves

    View Slide

  6. #3
    Afraid of dependency
    problems
    Author has fallen into
    dependency hell in the past

    View Slide

  7. Rando on HN https://news.ycombinator.com/item?id=10571452
    “This is why developers should try to avoid
    introducing dependencies. Not at all costs, of
    course, but typical project in JavaScript, Go,
    Ruby, or Python has way, way too many
    dependencies, while little of them have any
    significant benefit.”

    View Slide

  8. Prominent Clojure community member
    “The ideal number of dependencies for a
    library release (not counting Clojure itself) is
    zero. Obviously, use common sense. If your
    library relies on critical functionality in another
    library, then make the dependency. But if you
    can get by without the dependency (even if
    that means copying some of those "utility"
    functions into your own code and making them
    private) then you will make life easier for
    consumers of your library.”

    View Slide

  9. What is a dependency
    anyway?

    View Slide

  10. #1
    Module Loading
    How to load a dependency into
    the system

    View Slide

  11. #2
    Package Management
    How to add a dependency into
    a project

    View Slide

  12. Commonalities
    between package
    managers

    View Slide

  13. Manifest of things to depend on
    A version for each thing
    Download from some central location
    Will pull in dependencies-of-dependencies aka
    transitive dependencies
    Arrange artifacts suitably for runtime module loading

    View Slide

  14. SemVer.org
    break.feature.fix

    View Slide

  15. Annex
    https://www.youtube.com/watch?v=JjYAnBhF2JU
    A fact-based dependency system

    View Slide

  16. Variations

    between package
    managers

    View Slide

  17. Global v Local
    Test v Dev v Real
    Package/Import symmetry
    Vendoring
    Snapshots
    Ranges
    Lockfiles
    Do Applications need versions?
    X Replaces Y (props to PHP's composer)

    View Slide

  18. Global v Local

    View Slide

  19. Dependency Hell

    View Slide

  20. A [email protected] [email protected]
    [email protected] [email protected]

    View Slide

  21. Pick a version of D for you
    1. Your app might work
    2. copy-paste from C
    3. upgrade B to work with [email protected]
    4. don’t use C, write your own thing

    View Slide

  22. Tell you it can’t resolve
    1. Tell it you know best
    2. copy-paste from C
    3. upgrade B to work with [email protected]
    4. don’t use C, write your own thing
    :pedantic? :abort

    View Slide

  23. Allow [email protected] and [email protected]
    to co-exist

    View Slide

  24. Basically everyone
    “OMG that can’t
    possibly work!?1!”

    View Slide

  25. Nix
    Cargo

    View Slide

  26. Allow both to co-exist
    1. Your app might work
    2. copy-paste from C
    3. upgrade B to work with [email protected]
    4. don’t use C, write your own thing

    View Slide

  27. Allow co-existence
    What could go wrong?

    View Slide

  28. More bytes

    View Slide

  29. Type conflicts from
    transitive dependencies

    View Slide

  30. Rust: forces a re-export
    JS: mostly duck types

    View Slide

  31. Is this actually a
    problem?

    View Slide

  32. The Language of the System
    Hickey 2012
    “Try to avoid
    bespoke
    protocols
    and formats”

    View Slide

  33. Allow co-existence
    What could go right?

    View Slide

  34. Less time spent
    keeping up
    Lowered cost
    of creating
    dependencies
    Smaller
    dependencies
    Less reasons

    to change
    Less changes

    View Slide

  35. View Slide

  36. Can we add this
    function into core?

    View Slide

  37. Single function
    dependencies?

    View Slide

  38. (map-values f m)
    [handy/map-values "1.0.0"]

    View Slide

  39. Other Downsides

    View Slide

  40. Discovery
    Evaluation

    View Slide

  41. Is this doable in
    Clojure?

    View Slide

  42. github.com/
    aav/clojure.osgi
    jafingerhut/dolly
    benedekfazekas/mranderson
    technomancy/metaverse

    View Slide

  43. In Summary

    View Slide

  44. The current state of
    dependency management
    has room for improvement

    View Slide

  45. Seek out and explore
    alternative approaches

    View Slide

  46. Don’t dismiss alternatives
    based only on existing
    experiences

    View Slide

  47. Thanks
    http://j.mp/afraid-of-dependencies

    View Slide