
Ask HN: How do you choose a new library for your project? - macando
What do you rely on? Your intuition? Docs? Examples? GitHub? Search engine? History? Blogs? Do you have any process in place?
======
davismwfl
Most people just pick a library they are comfortable with or they think will
solve their current need. The reason this can be bad is because it leads to
bloat, duplication, potential licensing issues, unneeded dependencies and
honestly many times just unnecessary code being included.

When evaluating a library, the three big questions on my mind are: 1) Is it
absolutely 100% necessary, 2) Does it introduce any security concerns, 3) Is
it actively maintained and licensed properly for my product license. A fourth
question closely following is what dependencies does it also introduce to my
system.

Many times going through code bases I have seen an entire library included for
1 method that could easily be replicated in code. Yes, creating your own
method comes at a cost but frankly including a library and dependency is
generally a larger cost over time.

I have also seen libraries included into code bases where the last update to
the library was 4 years ago and it is all but dead. Sure, 10k projects use it
'cause they included it 4 years ago but that doesn't mean it is stable,
maintained and secure today. And if a library is so simple it doesn't have to
be touched for 4 years, then likely I don't need to be including it from a
third party (but I could see exceptions).

Lastly, license type matters a ton, developers don't think about it, but
including the wrong type of open source library into a closed paid product can
be a major pain and these things have to be thought out carefully to keep the
company out of trouble.

~~~
macando
_Many times going through code bases I have seen an entire library included
for 1 method that could easily be replicated in code._

I've seen this too. Initially, I thought it was an internal joke.

 _Lastly, license type matters a ton,_

Probably more of a concern for established companies, startups usually don't
pay much attention to this.

 _A fourth question closely following is what dependencies does it also
introduce to my system._

This could be very time-consuming for dependency-rich libraries. At least
license types can be auto inspected with a recursive tool. Dispelling security
concerns would require some serious auditing.

------
Smithalicious
My main criterion is whether I like the docs or not. I rarely regret picking a
well-documented library but usually regret picking a poorly documented one.

Other than that, I try to pick the simplest library that does what I want. I
do mean simplest as in "easiest to use", not necessarily as in "most minimal",
though the two tend to correlate to some extent.

------
macando
I usually: google relevant terms -> open a few candidates in a new tab -> go
through the examples -> glance at the docs -> check the pulse and popularity
-> pick the best looking lib.

