By Nicholas Zakas CHAPTER 2
Web development has a vibrant open source community with very
many third-party components available free of charge. That’s the good
news. The bad news is that sifting through the large sea of open-source
components makes it hard to find quality. Even component catalogs, such
as the jQuery Plugin Registry^20 and the NPM Registry^21 , make it diffi-
cult to find quality components. Each component is placed on an equal
footing with the others, and sometimes arbitrary rating systems, such as
stars or popularity, or when the component was recently updated, don’t
tell the full story.
What you are looking for is a third-party component you can trust.
The whole point of using a third-party component is to free yourself
from maintaining some code. To do that, you need a reasonable degree of
certainty that the code hasn’t been abandoned. If you end up including a
third-party component that is no longer updated then, eventually, you will
end up maintaining it for yourself. Likewise, if the component is being
maintained but it takes a long time for the developer to respond to your
queries, then you will ultimately modify it yourself because you can’t wait
for an official release.
So how can you tell that a third-party component is trustworthy? Here
are some things to evaluate.
When was it last updated? If the component was recently updated, there
is a greater chance that it will continue to be updated in the future. If the
component hasn’t been recently updated, then it might be abandoned. In
general, look for things that have been changed in the past month. That’s a
pretty good indicator that they’re still under active development.
Who is the developer? If the component is provided by a company or or-
ganization, it is a safer bet than a component supported by a single person.
There are lots of open-source projects that are released by their authors
and then discarded. Avoid those components whenever you can.