diff --git a/source/_daily_emails/2024-06-13.md b/source/_daily_emails/2024-06-13.md new file mode 100644 index 000000000..12693b984 --- /dev/null +++ b/source/_daily_emails/2024-06-13.md @@ -0,0 +1,41 @@ +--- +title: Vetting third-party open-source software +date: 2024-06-13 +permalink: daily/2024/06/13/vetting-third-party-open-source-software +tags: + - software-development + - drupal + - open-source +cta: ~ +snippet: | + How do you vet open-source software you're thinking of adding to your project? +--- + +Open-source software, such as Drupal modules and themes, PHP libraries and Tailwind CSS plugins, is great. + +Instead of writing everything from scratch, if someone else has written what you need, you can use it. + +In the Drupal ecosystem, there's a saying - "There's a module for that!". + +But, assuming you find a project that adds the functionality you need, you should review and vet it before adding it to your application. + +Adding too many modules and libraries can cause performance issues, add a maintenance overhead, introduce upstream bugs and add potential security vulnerabilities. + +As well as reading the code, here are some questions I ask and things I look for when deciding to add a project or not: + +- Does it do what I need? +- Does it add too much functionality? Is there a more minimal version that does what I need without the extra overhead? +- Does it have a stable release? If there's only a development or alpha release (which are unstable and can break at any time), I wouldn't add it. +- Is it extendable? Can I configure or extend it if I need to add more or alter it's default functionality? +- How many other websites are using it? Websites like Drupal.org and Packagist will show usage statistics. +- How many open issues are there? +- When was the most recent commit and release? +- Does it have automated tests? If so, are they passing? +- Does it have a README.md file or other documentation? +- Who are the maintainers? +- Are they responsive to issues and accepting of outside contributions? If I find a bug, can I fix and contribute it? +- Does the project have a published roadmap? + +Finally: + +Do I really need it?