Write code you can depend on!
THE HIDDEN COST OF DEPENDENCIES AND AVOIDING THE LEFT-PAD PROBLEM

Who are you?

About Me
- Logan Spears
- Software Consultant since 2011
- Director of Development, ShaleApps (2015)
- Worked on:
  - iOS
  - Android
  - Server (mostly Go)
  - Some web
- github.com/loganjspears
What is the left-pad problem?

The left-pad Problem
- npm package left-pad was unpublished
- left-pad was a dependency of React, Babel, and other major packages
- left-pad and its dependents were unavailable for 2.5 hours during the outage

npm Strikes Back
- npm restored left-pad and other affected packages
- They severely restricted un-publishing packages
- The day is saved! Total downtime was only 2.5 hours. Glad it won’t happen again!

Can we review dependencies for a sec?
Dependency Pros and Cons
Pros
- You get to stand on the shoulders of programming giants
- Developer productivity is increased
- DRY principles are upheld
Cons
- Cognitive load is increased
- Abandoned projects are common
- Reproducible builds can be more difficult
- Surface area is larger for bugs and security vulnerabilities

Is there a larger problem here?

The Larger Problem
- Dependency graphs are extensive
- The express dependency graph includes:
  - 41 nodes
  - 31 maintainers
  - “ee-first” contains two functions
  - “range-parser” contains one function
- Not all dependency versions are pinned
Review of Semantic Versioning
- MAJOR version when you make incompatible API changes,
- MINOR version when you add functionality in a backwards-compatible manner, and
- PATCH version when you make backwards-compatible bug fixes.
- Express dependencies were shown to the right on the slide (the package.json excerpt is not reproduced in this text). The “~” indicates packages that will automatically absorb new patch versions.

Breaking the Build
- Can you trust 31 maintainers and countless contributors to push bug-free code?
- Semantic versioning is not a hard guarantee
- You can’t guarantee your dependencies will pin their dependencies’ version numbers.
Security Concerns
- rimrafall: a malicious package executing rm -rf /* /.*
- npm accounts of dependency maintainers can be compromised
- Commonly confused packages, e.g. “express” vs “expressjs”
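The “express” vs “expressjs” confusion above is a review problem as much as a registry problem: a name that is one or two keystrokes away from a package you already trust deserves a second look before it is installed. The check below is an added example written for this page, not code from the talk or from npm; it normalises package names, computes an edit distance against a list of already-reviewed packages, and reports anything that is not on the list but sits close to a name that is. The reviewed list and the sample package.json dependencies are constructed for the example.

```javascript
// Added example (not from the slides): flag dependency names that are a
// small edit away from an already-reviewed package name.
// The reviewed list and the sample manifest below are constructed.

// Classic Levenshtein distance with a two-row dynamic-programming table.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Lower-case and drop separators so "lo-dash", "lo_dash" and "lo.dash"
// all collapse to "lodash". Scopes ("@org/") are kept on purpose: a scoped
// package is a different namespace, not a lookalike.
function normalize(name) {
  return name.toLowerCase().replace(/[-_.]/g, '');
}

// Returns one finding per dependency that is NOT itself on the reviewed
// list but is within `maxDistance` edits of a reviewed name.
// Each finding: { name, lookalikeOf, distance }.
function findLookalikes(deps, reviewed, maxDistance = 2) {
  const known = new Set(reviewed);
  const findings = [];
  for (const name of Object.keys(deps)) {
    if (known.has(name)) continue;            // exact, reviewed name: fine
    const n = normalize(name);
    for (const r of reviewed) {
      const d = editDistance(n, normalize(r));
      if (d <= maxDistance) {
        findings.push({ name, lookalikeOf: r, distance: d });
        break;                                // one finding per package
      }
    }
  }
  return findings;
}

// Constructed sample: the "dependencies" object of a package.json under
// review, and the organisation's list of already-reviewed packages.
const sampleDeps = {
  express: '~4.13.0',
  expressjs: '0.0.1',       // looks like express, is not express
  'lo-dash': '1.0.0',       // separator variant of lodash
  'body-parser': '~1.15.0',
  'left-pad': '1.1.0',
};
const reviewedPackages = ['express', 'lodash', 'body-parser', 'react'];

// Expected: expressjs (2 edits from express) and lo-dash (0 from lodash).
console.log(findLookalikes(sampleDeps, reviewedPackages));
```

The threshold of two edits catches appended suffixes such as “js” and single-character swaps; raising it trades more noise for more coverage, and the findings are meant as review prompts, not as an automatic block.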
I deal with it now. What’s the big deal?

npm install != npm install
- npm install can produce different results with the same package.json
- Heroku, for example, uses npm install for deployments
- Best practices advise excluding dependencies from git
- Your dev, CI, and production environments can all act differently
- Everything can break when you push to production!
- npm.org might be down!

Ok fine, I care. What should I do?

Make your builds reproducible!
- Check your dependencies into git
  - Architecture problems can arise
  - Have to remove build artifacts
- npm shrinkwrap
- Build a Docker image (shown later)
- Reduce your dependencies!
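To make the two earlier points concrete, the “~” semantics from the semantic-versioning slide and the “npm install != npm install” drift that shrinkwrap is meant to stop, here is an added example written for this page (not code from the talk, and not npm’s own resolver). It implements npm’s exact, “~” and “^” range rules for plain MAJOR.MINOR.PATCH versions, resolves a constructed package.json against two constructed registry snapshots taken a day apart, and then re-runs the second resolution with a shrinkwrap-style lock map. Package names, versions and the registry contents are all made up for the example.

```javascript
// Added example (not from the slides): a minimal npm-style range resolver.
// Scope: exact versions, "~" and "^" only. Pre-release tags, "||" unions
// and "x" wildcards are deliberately not handled.

function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version string: ${v}`);
  return { major: +m[1], minor: +m[2], patch: +m[3] };
}

// Negative, zero or positive, usable as an Array.prototype.sort comparator.
function compare(a, b) {
  const x = parseVersion(a), y = parseVersion(b);
  return (x.major - y.major) || (x.minor - y.minor) || (x.patch - y.patch);
}

// npm range semantics:
//   "1.2.3"  -> exactly 1.2.3
//   "~1.2.3" -> >=1.2.3 <1.3.0  (floats on patch releases)
//   "^1.2.3" -> >=1.2.3 <2.0.0  (floats on minor and patch releases;
//                                for 0.x the leftmost non-zero part is fixed)
function satisfies(version, range) {
  const op = range[0] === '~' || range[0] === '^' ? range[0] : '';
  const floor = op ? range.slice(1) : range;
  const v = parseVersion(version), base = parseVersion(floor);
  if (!op) return compare(version, floor) === 0;       // exact pin
  if (compare(version, floor) < 0) return false;        // below the floor
  if (op === '~') return v.major === base.major && v.minor === base.minor;
  if (base.major > 0) return v.major === base.major;
  if (base.minor > 0) return v.major === 0 && v.minor === base.minor;
  return v.major === 0 && v.minor === 0 && v.patch === base.patch;
}

// Highest published version that satisfies the range, as npm picks it.
function resolve(range, published) {
  const ok = published.filter(v => satisfies(v, range));
  return ok.length ? ok.sort(compare)[ok.length - 1] : null;
}

// Resolve a manifest against a registry snapshot. With a lock map the
// locked version is used verbatim; a locked version the registry no longer
// carries (the left-pad situation) resolves to null instead of floating.
function install(manifest, registry, lock = null) {
  const tree = {};
  for (const [name, range] of Object.entries(manifest)) {
    const published = registry[name] || [];
    tree[name] = lock
      ? (published.includes(lock[name]) ? lock[name] : null)
      : resolve(range, published);
  }
  return tree;
}

// A shrinkwrap-style lock is just the exact tree from a known-good install.
function lockFrom(tree) {
  return { ...tree };
}

// Constructed sample data: names, versions and snapshots are made up.
const manifest = { 'dep-a': '~1.1.0', 'dep-b': '~1.0.2' };
const registryMonday = {
  'dep-a': ['1.0.0', '1.1.0', '1.1.1'],
  'dep-b': ['1.0.2', '1.0.3'],
};
const registryTuesday = {
  'dep-a': ['1.0.0', '1.1.0', '1.1.1', '1.1.2'], // a patch release landed overnight
  'dep-b': ['1.0.2', '1.0.3', '1.1.0'],          // a minor release: outside "~1.0.2"
};

function demo() {
  const monday = install(manifest, registryMonday);
  console.log('Monday :', monday);                                   // dep-a 1.1.1, dep-b 1.0.3
  console.log('Tuesday:', install(manifest, registryTuesday));       // dep-a 1.1.2: same package.json, different tree
  console.log('locked :', install(manifest, registryTuesday, lockFrom(monday))); // back to Monday's tree
}
demo();
```

Two things to notice: dep-b does not move on Tuesday even though 1.1.0 was published, because “~1.0.2” stops at the minor boundary, while dep-a silently picks up 1.1.2; and once the Monday tree is used as a lock, the Tuesday install reproduces Monday exactly, or fails loudly (null) if a locked version has been unpublished.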
Okay, you hate npm. Are we done?

Nope. Let’s take a look at Go!

Out of the box
- Typical workflow
  - Write code
  - import “github.com/org/dep”
  - go get
  - Write more code
- Shared $GOPATH
- Go is a new awesome language. There can’t be any problems here!

go get… Problems
- $GOPATH dependency versions can conflict
- Dependencies point to the master branch, which can change
- go get can produce different results from the same source
- Can I have semantic versioning back?

How do I avoid getting shot by that gopher?
Hacks prior to Go 1.6
- gopkg.in
  - URL-based versioning
  - Ex. “gopkg.in/yaml.v1”
- GB
  - Alternative go tool
  - Separate $GOPATH for each project
- godep
  - Embed dependencies in source
  - Rewrite import paths

>= Go 1.6
- Vendor support added in Go 1.6
- Tools now copy source into the vendor directory
- godep uses /vendor
- Builds are now reproducible from just the source
- Your build can’t fail if GitHub is down!

I am cool and use Docker. Am I covered?
Docker w/ Node & npm
- Bad
  - CI and production using source and Dockerfile instead of the image
- Good
  - Saving your image and running tests on it

Docker w/ Go
- Bad (Dockerfile shown on the slide, not reproduced in this text)
- Good (Dockerfile shown on the slide, not reproduced in this text)

“A little copying is better than a little dependency.”
ROB PIKE

GDG Morgantown, WV: Write code you can depend on!
