What are the dangers of using code that is posted online as opposed to developing the code yourself? Is there any reason to not use it?

July 26th, 2011

In my experience the biggest danger in using code that is posted online is that you may invest a significant amount of time trying to understand it before realizing that it either doesn’t work as described or won’t work for your intended purpose. A good process for deciding whether or not to use a given piece of code helps mitigate that time-sink risk. There is a lot of code out there; some of it is fantastic, some of it is terrible, and not all of it is useful. Starting from scratch can be the only option for highly customized logic and functionality; however, assuming that brand new code is automatically better than code that has been heavily used and tested is folly. The bottom line is that if I had to write every piece of code I used on every project, I would complete only a small fraction of the projects I currently do.

Steps for evaluating online code

  • Is the source trustworthy?
  • Can I understand the approach that someone else used to solve this problem?
  • Does the solution cover all or almost all of my needs?
  • Does it work when I plug it in?

Is the source trustworthy?

For community-driven, collaborative development models such as Drupal, trustworthiness is less of a concern. Community review provides a baseline defence against shady or malicious add-ons. I can see how long ago something was posted, roughly how many people are using it and whether there are any open issues. Knowing that potentially thousands of other developers have looked at this particular code and its past revisions gives me peace of mind that I can use it with minimal fear that something inappropriate is going on behind the scenes. Usage counts show adoption rather than audit, though, so a quick read of the code and its recent commits is still worthwhile before it goes into a build.

For other sources such as forums and independent sites, I am typically more cautious. There is a lot of great content out there for PHP (and other languages, of course) that isn’t neatly rolled up into a Drupal module. When visiting such sites, I look for a few things before considering downloading code.

  • Do they publish checksums (or better, signatures) so I can verify that what I downloaded is what the original author published?
  • Is the code hosted on a reputable site, e.g. SourceForge or GitHub?
  • Has someone I know recommended the module, plug-in or feature?
  • Does it require installing other non-standard libraries or components?
  • Does the site carry ads or links to disreputable material?
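The checksum check in the first item above is worth doing mechanically rather than by eye. The following is an added example, not code from the original post or from Accella: it parses a manifest in the format the `sha256sum` tool emits, hashes each downloaded file, and reports which entries match, differ or are absent. The file names, contents and the "mirror tampered with one file" scenario in `demo()` are constructed for illustration.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path

HEX = set("0123456789abcdef")


def parse_manifest(text):
    """Parse sha256sum-style lines ("<hex>  <name>" or "<hex> *<name>") into {name: hex}."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        digest = digest.lower()
        name = name.lstrip(" *")  # two spaces = text mode, " *" = binary mode
        if len(digest) != 64 or not set(digest) <= HEX or not name:
            raise ValueError(f"malformed manifest line: {raw!r}")
        entries[name] = digest
    return entries


def sha256_file(path, chunk_size=65536):
    """Stream a file through SHA-256 so large archives are not loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_files(manifest, base_dir):
    """Return {name: 'ok' | 'mismatch' | 'missing' | 'rejected'} for each manifest entry."""
    base = Path(base_dir).resolve()
    results = {}
    for name, expected in manifest.items():
        target = (base / name).resolve()
        # The manifest is untrusted input: refuse entries that point outside the download dir.
        try:
            target.relative_to(base)
        except ValueError:
            results[name] = "rejected"
            continue
        if not target.is_file():
            results[name] = "missing"
            continue
        actual = sha256_file(target)
        # compare_digest gives a constant-time comparison; it costs nothing to use here.
        results[name] = "ok" if hmac.compare_digest(actual, expected) else "mismatch"
    return results


def demo():
    """Constructed scenario: the author publishes three files plus a manifest; the copy
    that arrives has one file altered and one file missing. Returns the verification results."""
    published = {
        "helper.php": b"<?php\nfunction slugify($s) { return strtolower(trim($s)); }\n",
        "lib.php": b"<?php\nfunction add($a, $b) { return $a + $b; }\n",
        "README": b"Helper functions, MIT licensed.\n",
    }
    # What the author would publish alongside the files (same format as `sha256sum` output).
    manifest_text = "\n".join(
        f"{hashlib.sha256(data).hexdigest()}  {name}" for name, data in published.items()
    )
    manifest = parse_manifest(manifest_text)
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "helper.php").write_bytes(published["helper.php"])          # intact
        (Path(tmp) / "lib.php").write_bytes(published["lib.php"] + b"// modified in transit\n")
        # README deliberately not written: it never arrived.
        return verify_files(manifest, tmp)


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:9} {name}")
```

One caveat: a checksum served from the same host as the download only shows that the file arrived as that host currently serves it. To know it is what the author published, take the digest from an independent channel (the project's own site, a signed release note) or verify a signature over the manifest itself.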

Can I understand the approach that someone else used to solve this problem?

If I don’t understand how the code I’m reviewing manages to do what it does, I can’t in good conscience make use of it. I may need to look up unfamiliar function calls to become comfortable that it does what it says it does, and that if I needed to make tweaks I could do so without breaking the rest of the code. Every programmer looks at a problem slightly differently and prefers particular idioms. I need to judge the chosen approach reasonable for the problem space before making it part of any system I am building. If the approach is sloppy, erratic or too specific to the problem at hand, I may borrow some of the logic but not the code itself as the base for a more complete solution of my own. Generally speaking, if someone has already spent time considering the problem I am facing, solved it and shared it, I should gratefully accept not having to formulate a new piece of code to do the same thing!

Does the solution cover all or almost all of my needs?

Sometimes you come across a piece of code that completely addresses a problem you are facing, and you can easily adapt work you’ve already done to take advantage of it. Perhaps you’ve created a skeleton for a solution but haven’t accounted for all of the variations, and this neat package has them covered. This can be the basis of a really great day :)

Other times you may come across a narrow solution that covers just one of several cases you need to address. In these circumstances you need to weigh copying the useful piece into your own module against working within the design of the existing module to add the missing elements. This really comes down to estimating the effort of wrapping your problem solving inside someone else’s construct versus taking their partial solution and placing it within a broader approach that is more natural to you.

Does it work when I plug it in?

If a solution looks like it should work from reviewing the source code but doesn’t give you the right output, or chokes when you attempt to integrate it into your system, you need to decide how long you should spend fixing someone else’s code. It may be something simple such as a missing library, or it could turn out to be genuinely buggy or defective code. Estimate how long it would take to write that portion from scratch before diving into fix-it mode. Keep in mind that the goal of reusing existing code is to improve stability and decrease development time!

Code Reuse

Code reuse is a great way to solve problems efficiently and a great way to improve your own development skills by studying the approaches other developers take. Appropriate caution, and awareness of the time you are spending on other people’s code, allows for the kind of rapid, agile development that we at Accella do so successfully.

Shannon Garrahy

Shannon brings a broad base of experience in deploying technology to transform business practices and creating systems that realize new opportunities. Classically trained in software development using C, Java, Delphi and others, Shannon taught himself PHP and typically leverages agile methodologies in his projects.
