/ Web Dev Zone
Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

The Honey Trap of Copy/Pasting Open Source Code

DZone's Guide to

The Honey Trap of Copy/Pasting Open Source Code

I couldn’t agree more with Bill Sourour’s article ‘Copy.Paste.Code?’ which says that copying and pasting code snippets from sources like Google and StackOverflow is fine as long as you understand how they work. But, extra measures need to be taken if that code is open source.

by
Rami Sass
·
Aug. 30, 16 · Web Dev Zone
Free Resource

Comment (1)

Save
Tweet
{{ articles[0].views | formatCount}} Views

Prove impact and reduce risk when rolling out new features. Optimizely Full Stack helps you experiment in any application.

Image title

I couldn’t agree more with Bill Sourour’s article ‘Copy.Paste.Code?’ which says that copying and pasting code snippets from sources like Google and StackOverflow is fine as long as you understand how they work. However, the same logic can’t be applied to open source code.

When I started open source coding at the tender age of fourteen, I was none the wiser to the pitfalls of copy/pasting open source code. I took it for granted that if a particular snippet performed my desired function, I could just insert it into my code, revelling in the fact that I'd just gotten one step closer to getting my software up and running. Yet, since then, through much trial and error, I’ve learned a thing or two about how to use open source code effectively.

Don’t Let Your Open Source Usage Fall Below the Radar

As CEO of WhiteSource, I often hear the same question that many of you are probably thinking: Copy and pasting code is great. It saves us time and makes us better developers in the process. Why should open source snippets be any different? Well, in one word, the answer is "visibility."

Image title

Now, return to my fourteen-year-old self borrowing open source code... once I copied and pasted the snippet, I found out that I was unable to track its usage as I hadn’t taken its source code and dependencies along for the ride. Therefore, I was left in the dark when a software bug or security vulnerability was discovered/fixed with a patch or new version.

And, even if the code in question was flawless (And, what in this world is?), I was unable to update it when the opportunity arose as I had no idea where it was located, or I simply forgot I was using it.

Avoid Freezing Your Code

One of the things I love about open source is that things never stand still. There are always new practices to learn, projects to contribute to, and new features & improvements to benefit from. However, once you copy and paste even a few lines of open source code, you’re basically freezing it. Unable to go back if you experience compatibility issues, unable to go forward if new patches or versions are released.

Image title

This is a lesson I learned the hard way and a mistake I’ve seen many programmers make since. Therefore, maybe you should think twice the next time you get the itch to copy and paste open source snippets.

So, if you can’t simply copy and paste open source code, how can you use open source components more wisely?

#1 — Fork It

Many, including myself, hold ‘forking’ as the poster-child of effective open source practices.

So, what is forking, exactly?

Basically, forking allows you to clone the source code from a software program and develop an entirely new program from it.

Not only that, as you are copying the snippet’s source code, you maintain a link to its original library, meaning you can modify it in the future, whether that be rolling back updates or tracking and applying updates.

For those of you want to avoid the heavy lifting of compiling and building your own package, forking may not be the way to go. However, the next option might be for you.

#2 — Managing Changes With a Facade Pattern

If you want to use a code snippet, but don’t want to download the entire source project and all the dependencies with it, using a Facade pattern is another route you could take.

By using a Facade, you’re able to wrap the component in your own interface, allowing you to replace the library with another if the need arises. By wrapping the component, you’re also able to monitor where the wrapper is used, and you can ‘hide’ any undesirable functions. However, if you want to keep your download super lightweight, only using a specific binary library may be the way to go.

#3 — Using the Binary Library

If you only want to download the library that performs your specific function rather than the whole source project, you might want to think about only using the desired binary library.

Think about it like you would if you were upgrading a car. The suspension is fine. The steering is fine. The acceleration is fine. The only thing you need to do is replace the engine. Who would you trust more to do it? The engineers from BMW, or yourself with a rough ‘how to’ guide picked up from the internet.

Getting the Most Out of Open Source

Like Bill and his upcoming Dev Mastery project, I’m also a big believer in helping developers to fine tune their skills and boost their careers. So, if you found this post useful, please share so others don’t fall into the trap of copy/pasting open source code.

Open source has been with us for over 30 years now, and it’s certainly here to stay. And simply by following a few best practices, we can all maximize the benefits it offers us.

With SDKs for all major client and server side platforms, you can experiment on any platform with Optimizely Full Stack.

Like This Article? Read More From DZone

Anatomy of an Exploit: Stack Smashing and Registers
The Cost of Doing the ELK Stack on Your Own
This Month in Cloud: AWS Lambda, Azure Stack, and Containers

Free DZone Refcard

Getting Started With Java-Based CMS
DOWNLOAD
Topics:
open source ,library ,stack overflow

Comment (1)

Save
Tweet
{{ articles[0].views | formatCount}} Views

Opinions expressed by DZone contributors are their own.

Web Dev Partner Resources

Learn how to experiment server-side with Optimizely Full Stack. Watch a six-minute demo today.
See how top engineering teams are experimenting in any application. Watch a webinar on Optimizely Full Stack.
See what’s possible — create data-driven apps faster by eliminating query writing
7 Reasons Why Crafter Should Be On Your Web CMS Shortlist
Building and Optimizing Multi-Channel Web Experiences
How to Add Authentication to Your Angular Progressive Web Application (PWA)
Bootiful Development with Spring Boot and Angular
A/B testing isn't just for marketing teams. Learn how engineering teams can experiment across all platforms.
The Node.js ecosystem has done an absolutely fantastic job in providing tools that help speed development workflows and streamline the process of writing and shipping code.
Try Qlik Playground: a free programming environment to test the data-driven app of your dreams
Tutorial: Develop a Mobile App With Ionic and Spring Boot
A Guide to Modern Java Web Development with Crafter CMS

Web Dev Partner Resources

Learn how to experiment server-side with Optimizely Full Stack. Watch a six-minute demo today.
See how top engineering teams are experimenting in any application. Watch a webinar on Optimizely Full Stack.
See what’s possible — create data-driven apps faster by eliminating query writing
7 Reasons Why Crafter Should Be On Your Web CMS Shortlist

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.linkDescription }}

{{ parent.urlSource.name }}
by {{ parent.authors[0].realName || parent.author}}
· {{ parent.articleDate | date:'MMM. dd, yyyy' }} {{ parent.linkDate | date:'MMM. dd, yyyy' }}
· {{ parent.portal.name }} Zone