1
00:00:02,400 --> 00:00:04,620
So libraries can be really useful,

2
00:00:04,620 --> 00:00:06,020
axios was really useful,

3
00:00:06,030 --> 00:00:08,320
Lodash also is really useful here.

4
00:00:08,320 --> 00:00:12,810
Now still there are a couple of things you should keep in mind when working with libraries, for one

5
00:00:12,810 --> 00:00:18,810
keep in mind that for example Lodash here, if you add it like this, includes a lot of functionality which

6
00:00:18,810 --> 00:00:19,980
you never use.

7
00:00:19,980 --> 00:00:25,830
We only use the difference method here and yet we still import all the other features as well,

8
00:00:25,860 --> 00:00:31,840
that means that users of our application will download all that code even if we just use one feature.

9
00:00:31,980 --> 00:00:38,010
We can see the effect if we reload our page, you see the Lodash package here has 24kb.

10
00:00:38,010 --> 00:00:43,740
Now obviously that's not that big but it's way bigger than the rest of our application, so that can be

11
00:00:43,740 --> 00:00:49,260
a downside, you're downloading way more than you might need and that could slow down the initial loading

12
00:00:49,260 --> 00:00:55,530
time of your application which matters a lot if your application primarily targets people in areas of

13
00:00:55,530 --> 00:00:58,350
the world with poor internet connection.

14
00:00:58,350 --> 00:00:59,810
So that's one thing to keep in mind,

15
00:00:59,820 --> 00:01:02,180
you might include a lot of overhead.

16
00:01:02,190 --> 00:01:08,730
That being said however, it is worth pointing out that many libraries allow you to import them in different

17
00:01:08,730 --> 00:01:09,360
ways,

18
00:01:09,360 --> 00:01:14,670
for example Lodash gives you a core build which only comes with some of the features, which is way

19
00:01:14,670 --> 00:01:19,660
smaller or in more advanced project setups which we'll also cover later in the course,

20
00:01:19,770 --> 00:01:26,520
you even have other capabilities of basically just importing parts of a library and then stripping out

21
00:01:26,520 --> 00:01:28,020
the parts which you don't need.

22
00:01:28,170 --> 00:01:33,990
This project setup is not capable of doing that but we'll have a look at our project setups later in

23
00:01:33,990 --> 00:01:39,900
the tooling section. So you can mitigate this problem but still, it is something to keep in mind, also

24
00:01:39,900 --> 00:01:45,570
because not all libraries allow you to be as selective as I just described.

25
00:01:45,630 --> 00:01:51,870
In addition to that, you also want to make sure you are working with libraries which are secure and well

26
00:01:51,870 --> 00:01:54,500
maintained, let's use axios here.

27
00:01:54,510 --> 00:01:59,400
It's open source which means everyone can view the source and everyone can collaborate.

28
00:01:59,400 --> 00:02:05,790
Now typically when you want to work on the code and share your edited code, of course it's validated

29
00:02:05,940 --> 00:02:13,260
before it's merged into this codebase, so you can't easily hack this library, instead open source typically

30
00:02:13,260 --> 00:02:19,990
actually improves code quality and security because more people are looking over it and working on it.

31
00:02:20,040 --> 00:02:25,800
So having open source is generally good but you want to make sure that the library you're using is also

32
00:02:25,920 --> 00:02:33,120
actively maintained, so that if there are bugs, bugs that break your application or security issues which

33
00:02:33,120 --> 00:02:37,470
of course also are very important, that they are fixed in time.

34
00:02:37,470 --> 00:02:40,760
Now an indicator for that for example is to view the last commit,

35
00:02:40,770 --> 00:02:44,740
this basically means when the code was edited the last time.

36
00:02:44,790 --> 00:02:50,130
If this is two years old, then it looks like it's not actively maintained anymore,

37
00:02:50,130 --> 00:02:53,400
two days, a week, a month, that is pretty active.

38
00:02:53,970 --> 00:03:00,390
You can also check the releases page on Github to find out how often new versions are released and if that

39
00:03:00,390 --> 00:03:04,550
is fairly regular, let's say once a year, twice a year,

40
00:03:04,650 --> 00:03:07,220
then this also seems to be actively maintained,

41
00:03:07,260 --> 00:03:13,860
for example axios here had its last release on June 1st at the point of time I'm recording this, which

42
00:03:13,860 --> 00:03:16,250
is not too far in the past.

43
00:03:16,290 --> 00:03:21,030
You can also check out the issues here and it's quite normal that every package which is popular has

44
00:03:21,030 --> 00:03:23,800
a lot of issues to get an overview if

45
00:03:23,850 --> 00:03:28,920
there are any big problems, though the sheer number here shouldn't be an indicator,

46
00:03:28,920 --> 00:03:34,680
as I said the more popular packages, the more issues it will have, not all issues here have to be real

47
00:03:34,680 --> 00:03:37,230
issues let alone big issues.

48
00:03:37,230 --> 00:03:39,600
So these are some of the things you want to watch out for.

49
00:03:39,600 --> 00:03:45,390
You can also judge the popularity of a package by looking at the Github stars, axios has a lot of them.

50
00:03:45,420 --> 00:03:50,190
if you also have a look at some other packages, some other projects in Github, you will see that they

51
00:03:50,190 --> 00:03:53,880
typically have way less stars than that.

52
00:03:53,970 --> 00:03:57,500
So these are some of the things you want to consider when choosing a package,

53
00:03:57,510 --> 00:03:59,660
why are these things important?

54
00:03:59,730 --> 00:04:05,370
Because for one you of course don't want to add a package which might open up a security hole, that's

55
00:04:05,430 --> 00:04:07,490
very important that you don't do that

56
00:04:07,660 --> 00:04:13,470
and in addition even if it's not insecure, if it has bugs which are not getting fixed because it's not

57
00:04:13,470 --> 00:04:19,050
maintained anymore, then your application might break and all of a sudden, the package you're depending

58
00:04:19,050 --> 00:04:25,880
on is not getting updated anymore, so your application is broken and now you have to find an alternative

59
00:04:26,160 --> 00:04:32,280
or write the logic which you previously used from the package on your own to make your application work

60
00:04:32,280 --> 00:04:33,210
again.

61
00:04:33,210 --> 00:04:38,910
So these are some considerations you should keep in mind and with all of that in mind though, there is

62
00:04:38,910 --> 00:04:41,910
nothing that speaks against using third-party libraries,

63
00:04:41,910 --> 00:04:48,750
they can really make your life easier and in modern development, it's normal to use typically a couple

64
00:04:48,930 --> 00:04:52,520
of external libraries in every project you're working on.