The Honey Trap of Copy/Pasting Open Source Code
The Honey Trap of Copy/Pasting Open Source Code
I couldn’t agree more with Bill Sourour’s article ‘Copy.Paste.Code?’ which says that copying and pasting code snippets from sources like Google and StackOverflow is fine as long as you understand how they work. But, extra measures need to be taken if that code is open source.
Join the DZone community and get the full member experience.Join For Free
Learn how error monitoring with Sentry closes the gap between the product team and your customers. With Sentry, you can focus on what you do best: building and scaling software that makes your users’ lives better.
I couldn’t agree more with Bill Sourour’s article ‘Copy.Paste.Code?’ which says that copying and pasting code snippets from sources like Google and StackOverflow is fine as long as you understand how they work. However, the same logic can’t be applied to open source code.
When I started open source coding at the tender age of fourteen, I was none the wiser to the pitfalls of copy/pasting open source code. I took it for granted that if a particular snippet performed my desired function, I could just insert it into my code, revelling in the fact that I'd just gotten one step closer to getting my software up and running. Yet, since then, through much trial and error, I’ve learned a thing or two about how to use open source code effectively.
Don’t Let Your Open Source Usage Fall Below the Radar
As CEO of WhiteSource, I often hear the same question that many of you are probably thinking: Copy and pasting code is great. It saves us time and makes us better developers in the process. Why should open source snippets be any different? Well, in one word, the answer is "visibility."
Now, return to my fourteen-year-old self borrowing open source code... once I copied and pasted the snippet, I found out that I was unable to track its usage as I hadn’t taken its source code and dependencies along for the ride. Therefore, I was left in the dark when a software bug or security vulnerability was discovered/fixed with a patch or new version.
And, even if the code in question was flawless (And, what in this world is?), I was unable to update it when the opportunity arose as I had no idea where it was located, or I simply forgot I was using it.
Avoid Freezing Your Code
One of the things I love about open source is that things never stand still. There are always new practices to learn, projects to contribute to, and new features & improvements to benefit from. However, once you copy and paste even a few lines of open source code, you’re basically freezing it. Unable to go back if you experience compatibility issues, unable to go forward if new patches or versions are released.
This is a lesson I learned the hard way and a mistake I’ve seen many programmers make since. Therefore, maybe you should think twice the next time you get the itch to copy and paste open source snippets.
So, if you can’t simply copy and paste open source code, how can you use open source components more wisely?
#1 — Fork It
Many, including myself, hold ‘forking’ as the poster-child of effective open source practices.
So, what is forking, exactly?
Basically, forking allows you to clone the source code from a software program and develop an entirely new program from it.
Not only that, as you are copying the snippet’s source code, you maintain a link to its original library, meaning you can modify it in the future, whether that be rolling back updates or tracking and applying updates.
For those of you want to avoid the heavy lifting of compiling and building your own package, forking may not be the way to go. However, the next option might be for you.
#2 — Managing Changes With a Facade Pattern
If you want to use a code snippet, but don’t want to download the entire source project and all the dependencies with it, using a Facade pattern is another route you could take.
By using a Facade, you’re able to wrap the component in your own interface, allowing you to replace the library with another if the need arises. By wrapping the component, you’re also able to monitor where the wrapper is used, and you can ‘hide’ any undesirable functions. However, if you want to keep your download super lightweight, only using a specific binary library may be the way to go.
#3 — Using the Binary Library
If you only want to download the library that performs your specific function rather than the whole source project, you might want to think about only using the desired binary library.
Think about it like you would if you were upgrading a car. The suspension is fine. The steering is fine. The acceleration is fine. The only thing you need to do is replace the engine. Who would you trust more to do it? The engineers from BMW, or yourself with a rough ‘how to’ guide picked up from the internet.
Getting the Most Out of Open Source
Like Bill and his upcoming Dev Mastery project, I’m also a big believer in helping developers to fine tune their skills and boost their careers. So, if you found this post useful, please share so others don’t fall into the trap of copy/pasting open source code.
Open source has been with us for over 30 years now, and it’s certainly here to stay. And simply by following a few best practices, we can all maximize the benefits it offers us.
Opinions expressed by DZone contributors are their own.