dependencies   1788

« earlier    

Mind your dependencies
As shiny as they might look, third-party dependencies always present tradeoffs and, sometimes, the implications are huge. Just make sure you understand the cost before making any commitment.
dependencies  development 
14 days ago by iyoti
Dependency computing
New notebook automatically only recalculates the minimum it needs to
notebooks  computing  make  dependencies  observable  javasacript 
17 days ago by nelson
The Tidelift Subscription
The core idea of the Tidelift Subscription is to pay for “promises about the future” of your software components.  

When you incorporate an open source library into your application, you need to know not just that you can use it as-is today, but that it will be kept secure, properly licensed, and well maintained in the future. The Tidelift Subscription creates a direct financial incentive for the individual maintainers of the software stacks you use to follow through on those commitments. Aligning everyone’s interests—professional development teams and maintainers alike.

Critically, the Tidelift Subscriptions for React, Angular, and Vue.js cover not just the core libraries, but the vast set of dependencies and libraries typically used in these stacks. For example, a basic React web application pulls in over 1,000 distinct npm packages as dependencies. The Tidelift Subscription covers that full depth of packages which originate from all parts of the open source community, beyond the handful of core packages published by the React engineering team itself.
tidelift  open-source  libraries  dependencies  coding 
6 weeks ago by jm
Today's GOPATH has two fundamental problems:

1. It only allows a single version of any given package to exist at once (per GOPATH)
2. We cannot programatically differentiate between code the user is working on and code they merely depend on

More or less all the other problems with GOPATH stem from the interaction of these two issues. Because only one version of a given package can exist at a time, it may be necessary to switch versions around to meet differing build requirements; however, we have no insight into which code the user is working on - which dictates the requirements for dependencies, and should not be changed - versus dependencies, which might be changed.

Introduction of the vendor/ directory ushered in a different paradigm: project-centric development. This wholly different approach handily addresses both of the aforementioned problems with GOPATH, and works quite well for many development workflows. With the addition of dep's standardized manifest and lock files, tooling has sufficient information to select versions for all of a project's dependencies, and reproduce that set of dependencies into vendor/ on any machine (assuming the continued upstream availability of the underlying source).
golang  go  dependencies 
6 weeks ago by dentarg

« earlier    

related tags

3rd  against  algorithms  analysis  analytics  android  androidstudio-plugin  androidstudio  antipattern  apex  architecture  architectures  article  autocompletion  autoload  automation  badge  ball  best-practices  bestpractices  big  bitbake  bitrise  boilerplate  boot  bring  browser-bridge  browser  build  buildsrc  bundle  cd  checker  checklist  ci  class  cleancode  cli  cljs  clojure  code-style  code  coding  commit  complexity  compose  composer  computing  configuration  container  containers  content-samurai  controller  conversion  conway's  core  corenlp  costs  coupling  cs  cycle  dart  database  dataset  datasets  datatables  deep-learning  demeter  dep  dependen  dependency-manager  dependency  dependencymanagement  depgraph  deployment  deps  dev  devdependencies  development  devops  di  difference  docker  documentation  dot  dotnet  emacs  engineering  environments  erichschubert  error  evolutionary  example  executable  explanation  ezjs  firebase  flat  flatpack  forward  free  gem  git  github  go  go_build  go_tr  golang  google  gopath  gopkg.lock  gopkg.toml  gradle-plugin  gradle  graph  graphs  guide  howto  image  import  important  injection  install  instapaper  interop  ios  java  javasacript  javascript  js  june  kernel  kotlin  laravel  laravel5.5  laravel5  law  layering  layers  libraries  library  license  links  linting  linux  loose  lua  maintenance  make  manage  management  manager  marketplace  maven  microservices  mix  module  modules  mud  multimodule  nlp  node.js  node  nodejs  notebooks  npm  nrtv  observable  obsolete  of  online  oop  open-source  opensource  orgmode  package-management  package-manager  package  packagemanagement  packages  packaging  pain  paket  parse  parser  parsing  partition  party  peer  peerdependencies  peerdependency  pg  php  pi  pip-alternative  pip  pipfile-alternative  plugin  program  programming  proof  pull-requests  python  quality  rails  raspberry  read  reference  remove  repository  requirements  resolution  ror  ror4.2.0  ruby  rubyonrails  rust  s3  s3wagon  safety  security  semver  service  services  setuptools  sf3  shell  single  size  software-engineering  software  sorting  stack  stackoverflow  stacks  static  submodules  svg  swift  swiftpm  symfony  syntaxnet  tech  techicaldebt  technicaldebt  templating  tenancy  tensorflow  testing  the  third  tidelift  tolearn  tool  tools  toread  tounderstand  tree  troubleshoot  typescript  ubuntu  ubuntu14.04  ubuntu16.04  unix  unmet  user  verification  version  versioning  visualisation  visualization  vulnerability  web  webpack  wordpress  workflow  wysiwyg  yarn  yocto 

Copy this bookmark: