You should give more love to your dependencies

09 Jan 2023

Most apps are built with external libraries and dependencies. It is important to keep an eye on the dependencies you use; otherwise you may face costs or limitations. On AppScan, one of the pillars of an App audit is the check of its dependencies. To do that, we have created a score for every library.

This score, named “Vitality”, is based on multiple variables:

  • Is the library actively maintained? Look for signs that the library is still being developed and supported, such as recent commits on the repository, the presence of an active maintainer, and the availability of documentation.
  • Does the library have a large and active user base? A library with a large number of users and contributors is typically a good sign that it is reliable and well-supported.
  • Does the library have any known issues or limitations? It is important to be aware of any known issues or limitations of the library, as it may affect its suitability for your project.

We have listed the different concerns that can arise for a library, depending on its state.

🤓 You don’t use the latest version of a library

You are using a good library, but not the latest version published. This is a normal situation: the library received recent updates, but your App is in production. Do you need to update the library? What are the risks of not doing it?

The problems of not using the latest version of a library:

  • Some issues may exist in the library, but maybe you don’t use 100% of the features, so you are not impacted.
  • Some new APIs may be interesting to use, but you are satisfied with what you already have.

😵‍💫 You don’t use the latest MAJOR version of a library

You are using a good library, but not the latest MAJOR version published. This situation can be a problem: a major version means breaking changes, so you will probably need to update some things in your code, but major versions also bring a lot of new things and probably a lot of fixed issues.

The problems of not using the latest MAJOR version of a library:

  • Problems of “Not the latest version”
  • Your library version will never receive updates

😱 You have too many issues in a library

If the library is maintained and has real, large usage on GitHub, let’s have a look at the issues. Big projects lead to big lists of issues, and probably a huge community to fix them. Look at the Alamofire versions on the AppStore: currently 37 open issues, which is not big at all if we consider the 38k stars and the impressive usage on the AppStore (21% of the Apps).

The problems of using a buggy library:

  • Issues exist, so you have trouble
  • Issues exist and maybe you have to fix the library yourself

😱😱 You use a library that is not active

Is the library actively maintained? Look for signs that the library is still being developed and supported, such as recent commits on the repository and the presence of an active maintainer. If there has been no commit for 6 months, it may be considered a deprecated library.

The problems of using a library that is not active:

  • Issues exist but are not documented (no issue opened)
  • Issues exist and are not fixed; maybe a branch exists… but it’s a bit obscure.

🤬 You use a library that is not adopted

Is the library actively used by anyone? Are there enough stars/forks on GitHub? Is there real usage on the AppStore? That’s why we have started an AppStore inspection to find out the real usage of the libraries.

The problems of using a library that is not really used:

  • Issues exist but are not documented (no issue opened)
  • There is no real testing/validation because there is no real usage
  • No maintenance in the future?

🤬🤬 You use a deprecated library

Is the library maintained? Is it officially deprecated? We have a very good example: AFNetworking versions on the AppStore, officially deprecated for 2 years and still used by 8% of the Apps on the AppStore.

The problems of using a deprecated library:

  • Problems of “Not the latest version”
  • Problems of “Not the latest MAJOR version”
  • Problems of “Not active library”
  • No more testing on new OS versions… so you will probably have more and more issues
  • Incompatibility with Xcode updates
  • Incompatibility with Swift versions
  • Incompatibility with new devices
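As an added illustration (not AppScan’s code and not from the original post), here is a small Python classifier that turns the states above into findings and a single “vitality” score. The six-month inactivity window and Alamofire’s 37 issues / 38k stars come from the post; the issues-per-star and adoption thresholds, the severities, and every version string and commit date are assumptions constructed for the example.

```python
from dataclasses import dataclass
from datetime import date

@dataclass
class Dependency:
    name: str
    used_version: str    # version pinned in the app, e.g. "5.6.0"
    latest_version: str  # newest release published upstream
    last_commit: date    # most recent commit on the repository
    open_issues: int
    stars: int
    deprecated: bool     # officially deprecated by its maintainers

# Thresholds are assumptions for this example, not AppScan's actual rules.
INACTIVE_AFTER_DAYS = 183        # the "6 months" without a commit in the post
ISSUES_PER_1K_STARS_LIMIT = 5.0  # open issues relative to popularity
MIN_STARS_FOR_ADOPTION = 500     # below this, treat the library as not adopted
SEVERITY = {"not last version": 1, "not last MAJOR version": 2, "too many issues": 2,
            "not active": 3, "not adopted": 3, "deprecated": 5}

def _major(version: str) -> int:
    return int(version.split(".")[0])

def vitality_findings(dep: Dependency, today: date) -> list[str]:
    """Return the concerns from the post that apply to this dependency."""
    findings = []
    if _major(dep.used_version) < _major(dep.latest_version):
        findings.append("not last MAJOR version")  # subsumes "not last version"
    elif dep.used_version != dep.latest_version:
        findings.append("not last version")
    # Judge open issues against popularity, as the Alamofire example does.
    if dep.stars > 0 and dep.open_issues / (dep.stars / 1000) > ISSUES_PER_1K_STARS_LIMIT:
        findings.append("too many issues")
    if (today - dep.last_commit).days > INACTIVE_AFTER_DAYS:
        findings.append("not active")
    if dep.stars < MIN_STARS_FOR_ADOPTION:
        findings.append("not adopted")
    if dep.deprecated:
        findings.append("deprecated")
    return findings

def vitality_score(dep: Dependency, today: date) -> int:
    """Higher is worse: the sum of the severities of every applicable concern."""
    return sum(SEVERITY[f] for f in vitality_findings(dep, today))
# Constructed sample records: only Alamofire's 37 issues / 38k stars and
# AFNetworking's deprecation come from the post; versions, dates and other counts are made up.
TODAY = date(2023, 1, 9)
ALAMOFIRE = Dependency("Alamofire", "5.6.0", "5.6.4", date(2022, 12, 20), 37, 38000, False)
AFNETWORKING = Dependency("AFNetworking", "3.2.1", "4.0.1", date(2020, 11, 5), 100, 33000, True)
TINYKIT = Dependency("TinyJSONKit", "1.0.0", "1.0.0", date(2021, 3, 1), 0, 40, False)
```

Note how the concerns stack: the deprecated record picks up the “not latest MAJOR version” and “not active” findings on top of its own, exactly as the list above describes.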

Do you want to check your App?