How does your organization currently vet the open source packages you’re using to build your apps?
If your organization is like most companies using open source, there is no formal vetting process. Only 9% (!) of companies have a formal process for introducing new open source dependencies.
Software development teams are expected to deliver amazing products quickly, and, luckily, there’s a wide selection of open source components available to accelerate the application development process. Because of this, we estimate that most modern applications are built on a foundation of 70% or more open source code.
So how are package decisions made? In a recent survey jointly conducted with The New Stack, we found that some of the key factors developers consider when choosing an open source package include:
- What license the package uses
- Volume of commits and pull requests
- Maintainer responsiveness
- Established policies and documents
In this new version of our popular guide, we teach you how to make smart open source package choices: building an acceptable short list, winnowing down your list to the best options, making a selection, and deciding what to do when there are no perfect options. Check it out!