Paula SantamaríaMost of us would probably agree that Googling is a big part of a developer’s job. We regularly browse the internet in search of tutorials, documentation and we even copy & paste code to our own projects. Copy-pasting code can be a huge time saver, but how can we be sure the code we’re copying is safe and won’t bring new problems to our software? 🤔
Here are 6 questions I ask myself before copy-pasting code into my projects:
1. How does this work?
This may sound obvious, but it may come a time when you need a solution fast and, in the rush, just copy and paste whatever works into your project without trying to understand why and how it works.
When you don’t take the time to really understand the new code, you’re:
- Missing out on learning something new
- Taking the risk of introducing new bugs or problems
- Possibly going against the project’s architecture
2. How old is this code?
Or, also, which version of the framework/language does it target?
You may encounter a solution that was written for an older version of the framework or language you’re using.
In the best of cases you’ll realize the code is old when the compiler fails and tells you the method doesn’t exist or was deprecated. But if it doesn’t, this could lead you to:
- Introduce deprecated methods in your code
- Missing out the opportunity of applying a better solution using an updated version
3. How will this code affect my project?
Does the code follow patterns that go against the architecture of the project? Will it make me introduce bad practices or anti-patterns? Was it written on a completely different context?
Here’s an example:
Suppose you're working on an android app that should be able to run on low-end devices, and the code you're copying is not optimized for that. You could be harming your users, even if the code "works".
4. Does the code require any dependencies?
I’m usually reluctant to introduce new dependencies just to solve a single issue, but (as I said in my post about minimalism and clean code) I understand there are times when introducing a new dependency could be necessary.
In any case, before copying and pasting the code and blindly installing whatever dependencies it comes with, we should at least understand which they are and if it’s safe to incorporate them in our code (not every dependency is trustworthy).
Here's a great post about evaluating dependencies:
5. Is this code really necessary?
Once we understand how the code we’re considering to copy-paste actually works we should evaluate if we really need it. Maybe our project’s architecture already has a solution to our problem that we could use and we didn’t notice before.
In some cases the solution we find online helps us understand the problem, and this new level of understanding gives us the opportunity to implement our own solution that works better with our architecture and project than the code we were going to copy-paste.
6. What does the official documentation say? 📄
It’s interesting to check the official documentation of a language or framework for solutions, it usually contains best practices and nice tips that will help you get a deeper understanding about how the code works.
How do you keep your code safe when copy-pasting from online sources?
What's your approach? Let me know if there's anything else you do!
Some folks shared some articles about security issues that one could introduce when copy-pasting code. I honestly didn't think about this when writing this article, but I think it's important, so here are their comments:
Great advice, definitely something to keep in mind.
One question I would like to add is "Is the code source safe and reputable?". Especially if we want to run it in the terminal. Some time ago, I've read this article and always kept it in mind when copy/pasting the code: blog.securelayer7.net/exploiting-b...
Thank you very much for including my article, by the way.
Relevant article from BBC News.
It's also worth mentioning that copying and pasting from within the same project is also a no-no. It's a source of considerable technical debt and it WILL bite you later on when you need to update the functionality. It's always a good use of time to make that functionality reusable properly rather than just carelessly copying and pasting it. If you're rushing to get something live when under the gun, you can justify it, but only if you make sure you go back later and refactor it.