Choosing dependencies using deps.dev


This content originally appeared on DEV Community and was authored by Elton Minetto

Choosing a project's dependencies is something we sometimes overlook, but it can have a significant impact. The following image illustrates the idea:

[Image: dependencies]

To facilitate this process, Google recently launched a new project, deps.dev. Its slogan summarizes its objective: Understand your dependencies. The tool supports programming languages such as JavaScript, Rust, Go, Python, and Java.

To show the advantages, imagine a scenario: a team is developing an API in Go and needs to choose a library to implement the Circuit Breaker pattern. After some research on the internet and the excellent website Awesome Go, they reduced the list to the following options:

Let's search each in deps.dev to start the comparison. These are the links to the analysis of the libs:

Some of the information presented stood out to me. For example, in the analysis of gobreaker:

  • The tool creates a score for the lib, using criteria such as security, license, and whether it is actively maintained:

[Image: dependencies_score]

  • We can see how many dependencies the lib has and how many projects are using it, which can be a good sign of quality and trust from the community:

[Image: dependencies_dependents]

It is also possible to see if the lib has any security warnings. The mercari/go-circuitbreaker lib presents a risk in this regard:

[Image: dependencies_security]

With this information, the team can make a safer decision as to which libs they can use in their project.

Another handy feature is that deps.dev has an API. With this API, it is possible to create a check in the project's Continuous Integration service to verify if there are any security warnings related to dependencies or if there is a new version of an essential library.
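One way to build the CI check described above, as an added example (not code from the original post or from the deps.dev project). It assumes the deps.dev GetVersion endpoint under `/v3alpha/` and its `advisoryKeys` response field; the function names and the script name in the usage note are hypothetical.

```python
"""CI gate: exit non-zero when a pinned Go module has advisories on deps.dev."""
import json
import sys
import urllib.parse
import urllib.request

# Assumed endpoint shape (deps.dev GetVersion); confirm the version prefix in the API docs.
BASE = "https://api.deps.dev/v3alpha/systems/go/packages/"


def version_url(module, version):
    # Module paths contain '/', so every reserved character is percent-encoded.
    quote = lambda s: urllib.parse.quote(s, safe="")
    return f"{BASE}{quote(module)}/versions/{quote(version)}"


def http_get(url):
    # urlopen raises on 4xx/5xx, so a module unknown to deps.dev fails the job (fail closed).
    with urllib.request.urlopen(url, timeout=10) as resp:
        return resp.read()


def parse_modules(text):
    """Yield (module, version) from `go list -m all` output.

    The main module (no version) and replaced modules (extra `=>` fields)
    are skipped, so they are NOT covered by this check.
    """
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 2:
            yield fields[0], fields[1]


def check(text, fetch=http_get):
    """Return {'module@version': [advisory ids]} for dependencies with advisories."""
    found = {}
    for module, version in parse_modules(text):
        data = json.loads(fetch(version_url(module, version)))
        ids = [key["id"] for key in data.get("advisoryKeys", [])]
        if ids:
            found[f"{module}@{version}"] = ids
    return found


if __name__ == "__main__":
    findings = check(sys.stdin.read())
    for dep, ids in sorted(findings.items()):
        print(f"{dep}: {', '.join(ids)}")
    sys.exit(1 if findings else 0)
```

In a pipeline this would run as `go list -m all | python3 deps_check.py`, with the non-zero exit status failing the build.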

deps.dev is a worthwhile project that can help teams choose and manage their project's dependencies.

Originally published at https://eltonminetto.dev on April 19, 2023

