One of the messaging apps that we are experimenting at work with is Slack. I’ve recently downloaded the Slack desktop app, and, out of curiosity as to what it was written in (because it’s 300MB after a few minutes of use), viewed it’s licence file.
The source code for Slack’s desktop app isn’t publically available, so I cannot link to it. But basically it has the licence for every open source library it uses. Almost all open source require the copyright notice to be included. And Slack had them all - all 420ish packages in a 10,000 line licence file.
Now to make this clear, I am all for using packages and libraries. It is not only a good idea, it is required for success of any project. Writing things from scratch is error prone, and you are basically throwing out money by not using OSS.
But 420 packages? I casually went through the list and picked one at random to see how complicated some of these packages are. I (and no mean to pick on the author of these packages here) found user-home - a package that tells you the path of the user’s directory. It is 2 lines of code. All the work is done in another project called os-homedir. Which in itself is under 25 lines of code, but I suppose there is some logic you want to re-use.
To the os-homedir/user-home author’s credit, they state that the library is to “Ponyfill” (like polyfill, but not replace the native implementation if it exists) older versions of Node.js.
None of this seems to make sense as Slack looks to package the runtime with their installer so they can choose to use the newer version.
So what are the downsides of using more packages? From a development standpoint, there are a few downsides:
- The time it takes to make a build. (1 time cost for developers, expensive when doing CI/regular builds)
- Keeping packages up-to-date. This is important for some but not all packages. This is something I don’t think many people do well even for a few package dependencies, but for 400+ I bet most are not up-to-date.
- Code size and complexity. No such thing as a free lunch, packages often come with features that go unused.
So what do you think? Such a thing as using too many package dependencies?