 

Storing third-party libraries in source control

Should libraries that the application relies on be stored in source control? One part of me says it should and another part says no. It feels wrong to add a 20 MB library that dwarfs the entire app just because you rely on a couple of functions from it (albeit rather heavily). Should you just store the jar/dll or maybe even the distributed zip/tar of the project?

What do other people do?

graham.reeds asked Sep 08 '08 05:09




2 Answers

Store everything you will need to build the project 10 years from now. I store the entire zip distribution of any library, just in case.

Edit for 2017: This answer did not age well :-). If you are still using something old like Ant or Make, the above still applies. If you use something more modern like Maven or Gradle (or NuGet on .NET, for example) with dependency management, you should be running a dependency management server in addition to your version control server. As long as you have good backups of both, and your dependency management server does not delete old dependencies, you should be OK. For an example of a dependency management server, see Sonatype Nexus or JFrog Artifactory, among many others.

Tony BenBrahim answered Oct 07 '22 03:10



As well as having third party libraries in your repository, it's worth doing it in such a way that makes it easy to track and merge in future updates to the library (for example, security fixes etc.). If you are using Subversion, using a proper vendor branch is worthwhile.

If you know that it'd be a cold day in hell before you'll be modifying your third party's code then (as @Matt Sheppard said) an external makes sense and gives you the added benefit that it becomes very easy to switch up to the latest version of the library should security updates or a must-have new feature make that desirable.

Also, you can skip externals when updating your code base, saving on the long slow load process should you need to.

@Stu Thompson mentions storing documentation etc. in source control. In bigger projects I've stored our entire "clients" folder in source control, including invoices / bills / meeting minutes / technical specifications etc. The whole shooting match. Although, ahem, do remember to store these in a SEPARATE repository from the one you'll be making available to: other developers; the client; your "browser source view"...cough... :)

reefnet_alex answered Oct 07 '22 04:10
