As part of my deep dive into Go I’ve been gradually introducing myself to third party libraries in addition to the offerings of the Go standard library. Some libraries are vibrant, some have not seen a commit for years.
So my question is, how do you vet third party libraries for use?
What things you think about, look at and verify before you feel comfortable starting to use a third party library?
Some of the things I’ve considered:
- Time since last commit (tools for fast moving web should probably need frequent updates to stay healthy, operating system related tools are probably fine with less frequent updates?)
- Number of contributors (the more the better - it shows the library is in use and is useful enough for people to contribute)
- Number of contributors with more 100 lines of code additions/deletions (the more the better)
- Is testing taken seriously (it should)
- How much is it used? (how to easily detect it? Github stars indicate something, but would be great if libraries could point out companies/projects where their library is being used)
Looking forward to your take on vetting libraries.