How to vet third party libraries for use?


(Taavi Kivisik) #1

As part of my deep dive into Go I’ve been gradually introducing myself to third party libraries in addition to the offerings of the Go standard library. Some libraries are vibrant, some have not seen a commit for years.

So my question is, how do you vet third party libraries for use?
What things you think about, look at and verify before you feel comfortable starting to use a third party library?

Some of the things I’ve considered:

  • Time since last commit (tools for fast moving web should probably need frequent updates to stay healthy, operating system related tools are probably fine with less frequent updates?)
  • Number of contributors (the more the better - it shows the library is in use and is useful enough for people to contribute)
  • Number of contributors with more 100 lines of code additions/deletions (the more the better)
  • Is testing taken seriously (it should)
  • How much is it used? (how to easily detect it? Github stars indicate something, but would be great if libraries could point out companies/projects where their library is being used)

Looking forward to your take on vetting libraries.


(Johan Dahl) #2

This isn’t really a go specific problem but the same things apply to any programming language which uses third party libraries. The situation for go is similar to nodejs/rpm.

I would do the things you says in your question. Look for popular libraries with a living community which resolve issues as they come along.


(Johan Dahl) #3

The thing besides I look for besides the things stated above is how good the documentation is and also to prefer small libraries instead of frameworks.


(Taavi Kivisik) #4

Here are the results of a Digital Ocean survey on open source which had responses from 4300 developers. One question is exactly my question: “What factors does your company consider while making business decisions around when to use open source for a particular project?”


(Johan Dahl) #5

Nice findings in that article


(ravuri sai ram akhil) #6

I have developed a package, when user runs go get pkg_name it should download some other file while installing the package how to do this.

Thanks in Advance


(Norbert Melzer) #7

Put the file in your package, it should get downloaded then.

I’m not aware of any other possibility to do what you want.


(ravuri sai ram akhil) #8

@NobbZ just giving you more info about my question.

i have written a wrapper which uses cli driver internally to connect to ibm database…so when user downloads the wrapper(package) using go get pkg_name the cli driver should also be downloaded from internet. For downloading the cli driver i have code but how that download func is called when i run (go get pkg_name)

Thanks in Advance


Automatic download of driver while instaling package
(Taavi Kivisik) #9

I feel that your question is significantly different from my initial question and would deserve a new thread.