Tuesday, May 23, 2017

Should I check in my dependencies?

I was asked this week if it was better to check in dependency files such as jQuery and AngularJS into your git repo or to use a CDN. This has no one correct answer, however, there are things you should consider because of what it says about you as a developer.

Using a CDN
If you use CDN links in your project there is obviously no need to check in files for code you do not use. So are CDNs OK to use? Sure, there is nothing wrong with using a CDN. They are there to be used for any reason you need.

Using a CDN in your project can tell the person that is viewing your code, that the resource on the CDN you link to is only a dependency of your project and there is no focus on it specifically. If you improperly link to the CDN however can show a disregard for best practices.

Using a package manager file
If you use a package manager you definitely do not want to check those files into your source control. Checking in those files shows that your are not conscience of what the package manager is for, shows that you are lazy, or shows that you are not thorough. Ultimately, it comes down to illustrating your competency.

Using a local copy
Using a local copy downloaded from some site and added to your repo, can be handy. However, it may be the only way to get that resource because it isn't in any package manager. This is completely fine. If you do this you should definitely make sure more than just the code your using is present. I recommend finding the license at the very least. Just dropping the file into your source could violate its license (GPL, LGPL, etc.) and could open you up for legal trouble. Doing your due diligence will illustrate that you are a responsible developer.

How to prevent unwanted file Check-in
You will want to utilize your Source Control Management Systems mechanisms to control what is checked in. In the context of GIT, we have a .gitignore file, this file is where you put path and file name patterns to be excluded. The following is a starter example for NON Visual Studio projects.

    # Third Party Libraries

    # Compile/Transpile Artifacts

No comments: