Dependencies
"When the Gods wish to punish us, they answer our prayers." – Oscar Wilde
For decades, the idea of code reuse was merely a dream. The idea that code could be written once, packaged into a library, and reused across many different applications was an ideal, realized only for a few standard libraries and for corporate in-house tools.
The growth of the internet and the rise of open source software finally changed that. The first openly accessible repository that held a wide collection of useful libraries, tools, and helpers, all packaged up for easy reuse, was CPAN: the Comprehensive Perl Archive Network, online since 1995. Today, almost every modern language has a comprehensive collection of open source libraries available, housed in a package repository that makes the process of adding a new dependency easy and quick.¹
However, new problems come along with that ease, convenience, and speed. It's usually still easier to reuse existing code than to write it yourself, but there are potential pitfalls and risks that come along with dependencies on someone else's code. This chapter of the book will help you be aware of these.
The focus is specifically on Rust, and with it the use of the `cargo` tool, but many of the concerns, topics, and issues covered apply equally well to other toolchains (and other languages).

¹ With the notable exception of C and C++, where package management remains somewhat fragmented.