Skip to content

General coding practices

Jump to bottom
ZΛNDΞR edited this page Nov 10, 2017 · 1 revision

Working with 3rd party dependencies

Working with 3rd party dependencies (from npm, Nuget etc) is common, but we need to ensure that all developers have a shared understanding about how and when they should be used in our projects. This includes choosing from a list of our recommended dependencies; if and when to modify 3rd party dependencies; and

Choosing dependencies

Not all dependencies are equal. Some have bugs, some are insecure and some are untested. How are you to know when to safely use a particular dependency?

Are you trying to solve a problem that other members of the team have solved before?

  • If you're not sure, ask them.
  • If they have worked on a similar problem, find out how they achieved it even use some of their code where necessary.
  • If no one on the team has solved the problem before, we recommend searching the websites below use your best judgement but before you settle on your choice, double-check with another developer before you commit to the choice.

Where to find dependencies

Your programming language will determine the best course of action.

Front-end

For front-end dependencies, we use npm there are a number of ways to find dependencies on npm:

  • Search npm itself: npmjs.com
  • Search npms.io - npms exposes a number of useful metrics beyond the standard npm search
  • Search js.coach - js.coach curates all the packages on there, so you can be sure that whatever it is that you are looking for, you will get a good result.
  • Search GitHub - hopefully dependency is on npm, although some dependencies are not. If you are definitely going to depend on GitHub, be absolutely sure that you are making the right choice.

Recommended dependencies

Each technology will have their own recommended dependencies. Please find them in the documentation for each technology, e.g. Javascript, React, CSS.

When to modify 3rd party dependencies

The general rule is to 🚫 NEVER 🚫 modify a 3rd party dependency without a VERY good reason for doing so. If you are modifying a dependency, you have to notify all other team members on the project and document it clearly in the codebase (where the module is used) and in the project documentation.

Making your own modules for re-use

Rather than writing everything from scratch and always choosing a 3rd party dependency, it is often wise to publish your own module so that future projects can make use of your efforts.

Code review process

To be completed by Zander

Clone this wiki locally