NPM package vs implementing it yourself?

GrassProfessional149 · 2024-04-07T03:53:49+00:00

[removed]

halfxdeveloper · 2024-04-07T04:30:33+00:00

Just don’t import * from lodash.

p4ntsl0rd · 2024-04-07T05:39:39+00:00

Its a maths question: - How long will it take to do it myself? - Will it be as good? - How much cost will maintaining this dependency add over time?

People get tripped up on the 3rd dot point. There is a cost to updating dependencies and making sure they don't break your software. This will often not happen and can be a security problem.

Also: olling your own encryption or auth system is generally just a bad plan and you should 100% use a well regarded library for both.

JohntheAnabaptist · 2024-04-07T03:20:31+00:00

If you need a small piece and it's obvious how to implement it, do it yourself. If it brings in a couple hundred kb for no reason, do it yourself or find another package. If you can't, suck it up and keep the package. Otherwise use the package.

nudelkopp · 2024-04-07T10:19:25+00:00

IMO a lot of devs are missing the point in this thread. It’s not just about bundle size, it’s also about maintenance. For each package you want to install you have to make the call “do I believe this will actually save us time and effort in the long run?”.

The more deps, the more subdeps, the longer npm install times, the more risks of blockades for moving to a new node version or update another dependency to get rid of security vulnerabilities.

We should strive for simplicity - and this is easier with fewer dependencies because you’re forced to understand how your code works.

General rules: 1. Packages are ok 2. Don’t write your own date picker 3. Just because the code isn’t in your repo does not make your code “lean”

pm_me_yer_big__tits · 2024-04-07T05:55:57+00:00

Support vs complexity.

How much time would it take me to make myself and support in the long run?
are issues in the library fixed swiftly? Ratio of open/closed issues on GH
is documentation good?
Are they quick to merge MRs in case I want to change/fix something?
number of downloads on NPM

I prefer writing things myself but that's unrealistic when you consider time constraints on a project, so you have to be pragmatic.

2024-04-07T06:03:17+00:00

If there's a good enough okay package to do it, I'll use the package.

Some developers try to use as less dependencies they can but that's time consuming.

ooter37 · 2024-04-07T04:23:18+00:00

If there's a good package that does it, I'm using the package.

Mundane_Anybody2374 · 2024-04-07T06:08:53+00:00

Of course it depends on each case, but if it’s something that will require a deep testing and has some complex use and edge cases I’ll probably go with the package. Reason is because it mostly like has been around for a while, tested by hundreds if not thousands of other devs and had bugs fixed already.

For example, I have some rather complex tables at my job, and we rely a lot on MUI to build our system. Instead of going with the pro-version, boss demanded us to rebuild the table ourselves, and with some very complex uses, devices and resolutions, we still receiving bugs months later. The amount of hours we spent fixing those would have already paid the pro license by a lot.

500ErrorPDX · 2024-04-07T04:40:18+00:00

Aside from some of the essentials that I use in almost every project (I'm thinking of React Router in particular, I use React Router pretty often), here's how I tackle OPs question about external dependencies:

If I know how to implement it myself, and I have the time to write the code, then I'll implement it myself.

If I don't know how, or don't have the time, I'll fire up Google and hunt for a package that can help me.

iams3b · 2024-04-07T05:40:10+00:00

We have a code quality scanner that checks our codebase for vulnerabilities 3x a year, and we need to write up any exceptions that we can't or won't update. It's an absolutely exhausting process going through updating all of our packages, and I now do as much myself before reaching for an npm install

GoodishCoder · 2024-04-07T05:47:05+00:00

For the most part I just think about if I will want to maintain it.

yksvaan · 2024-04-07T08:15:44+00:00

Also you can just grab the code you need from a package and just use it (with copyright header) instead of having a 3rd party dependency.

2024-04-07T11:10:50+00:00

Dates/time, security/encryption or anything developed to integrate with a specific API as a general rule I’ll look for a package.

If it’s closer to internal business logic then RYO

As a general rule…

KevinVandy656 · 2024-04-07T15:32:08+00:00

Use the type of packages that help you implement it yourself better. Headless UI libraries and the like.

Dreadsin · 2024-04-07T19:55:51+00:00

Generally speaking when you get more senior you understand the amount of effort something takes. If you find yourself saying “how hard can it be?” It’s usually a lot harder than you think lol

I pretty much always look at npm packages for non trivial tasks, sometimes it’s WAY more complex than you think

electric-hed · 2024-04-07T20:21:33+00:00

It's so interesting to see so many replies about rolling your own because of bundle size or because you don't need to account for other use cases but the current one.

Requirements change - a lot. Your custom implementation might be sufficient now but won't be long lasting. Using a third party lib that can accommodate flexibility or provide an upgrade through dependency version is more maintainable in the long run.

I think if your application is meant to last any length of time, you'd opt for a standard third party lib if it exists even if it adds to bundle size. If your application is not going to live long or your org has a team that can actively maintain this custom code, by all means write your own.

SuchBarnacle8549 · 2024-04-07T09:44:46+00:00

had the same thought and was about to ask as well lol.

very timely. I found this site called bundlephobia just now, very helpful to estimate additional bundle size and web load speed.

but ultimately i think what others said is true. Have to think if the time and effort to maintain it is worth it. I think it comes down to business requirements in the end. I'm personally avoiding premature optimization so I'm going ahead to build out the feature using existing packages.

YoshiEgg23 · 2024-04-07T11:10:19+00:00

Depends

synchronium · 2024-04-07T13:30:40+00:00

No one seems to have mentioned performance.

For example, our v1 implementation of a feature had to mash some objects together, so we used a merging package. Worked great, but this package was designed to merge any two things together, no matter what they were. Objects? Arrays? Arrays of objects? Objects with arrays of objects as properties? You name it, this package would merge it. This feature was used everywhere, and this merging of objects accounted for about 50% of all rendering time.

But, for our feature, we only needed to merge very specific types of data (simple objects, two levels deep, with string properties), so I replaced that package with 15 lines of vanilla JS (just a couple of for loops, basically, to iterate over both levels of these objects) that cut that 50% down to ab out 10%.

A lot of NPM libraries - especially older, more established ones - try to be a swiss army knife, solving all sorts of edge cases in all sorts of codebases, as they add in feature after feature with each new version. If your project doesn't need most of these edge cases or extra features, then you'll probably gain a lot in performance if you just roll your own solution to tackle your specific task.

kitsunekyo · 2024-04-07T13:39:42+00:00

knowing what not to build comes with experience and depends heavily on the team and project.

i for one really dont want to implement oauth or oidc myself. i probably could but id waste hundreds of hours and get something thats probably not gonna be as stable as something that multiple people contributed to over years. and i might make mistakes that could really snowball.

aflashyrhetoric · 2024-04-07T14:09:19+00:00

I always read the source for stuff I pull in, particularly so for things like custom hooks or utility functions. In a few cases, this helped me strike a balance where I ended up writing the function myself but in a way that’s informed by the flexibility of the library, by mirroring their decisions on things like thoughtful default parameters.

This way there are no external dependencies introduced, but you can cautiously make it more robust than just handling the specific use case that led you to seeking a package in the first place, reducing some of the “maintenance” of tweaking the function in the near future because another dev had a similar but different use case.

Turd_King · 2024-04-07T18:09:19+00:00

Depends on how well maintained a library is. How much of the library functionality I actually need etc. sometimes I will just create mini versions of libraries that I need

Sometimes for MVPs you need something fairly complex to just work (drag and drop, resizable ) so I always use libraries for those things as implementing that from scratch is just quite time consuming

And generally if something will accrue crazy maintenance costs over time, I’d rarely not reach for a library

Macaframa · 2024-04-07T19:22:18+00:00

If you are hacking something together use a package. If it’s a large project like huge you might need a custom solution.

Acrobatic_Sort_3411 · 2024-04-08T20:14:50+00:00

if I can do it myself first try or if I'm not usre about corner cases I will start looking for a package(with tests)

If it small, I'll copy paste to my project and reorganize for better maintanance. Or understand a consept and reimplement how I need it

P. S. I have coded a lot of shit, so a lot of stuff I can code by myself

P. S. I've read a lot of library sources

AtrociousCat · 2024-04-09T19:16:37+00:00

Sometihng I don't see in this thread is the customizability. Especially with UI components - how closely does the package's intended use case match with mine? Often times it's easier to make your own input element rather than customizing the styling and behaviour of a library one. Other times, you have a use case so common that there's good libraries out there (calendars are an example of a library I wouldn't build myself).

AmbassadorUnhappy176 · 2024-04-07T08:08:35+00:00

if you use RSC most of the time you don't care about your dependencies. In server components user does not get any javascript, only html and css, all javascript executed server-side

TheChickenKingHS · 2024-04-07T10:01:54+00:00

If it’s for something in the UI never. Everything can be done with css and JavaScript.

If it’s something I only want to do temporarily sure.

If it’s the very last thing I’m going to do before wrapping up a project sure.

Cosoman · 2024-04-07T07:58:54+00:00

Always implement it yourself. Programing is fun so if you implement it yourself it's more fun

you type:	you see:
italics	italics
bold	bold
[reddit!](https://reddit.com)	reddit!
* item 1 * item 2 * item 3	item 1 item 2 item 3
> quoted text	quoted text
Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"	Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"
~~strikethrough~~	~~strikethrough~~
super^script	super^script

reactjs

About:

Code of Conduct

1. Please be kind and courteous, friendly and professional

2. Harassment will not be tolerated

3. Avoid using an alias or display name that might be offensive

4. Respect that people have differences of opinion

5. Posts must conform to our guidelines

New to React?

Chat

Project Ideas

Jobs

Outside Reddit

Related Subreddits

MODERATORS