
Love for language is not enough

Writer: Yogesh Jadhav

Countless forums are filled with statements about why Python is better than Java, why one must code in NodeJS, or how easy it is to get the job done in language XYZ. Most of these responses stem from a lack of experience managing production-grade enterprise software. Understanding the phases that software goes through after go-live is vital.



Programmer in Cyberpunk city


Applications deployed in a production environment often need to address the following challenges:


- Timely upgrade of application dependencies to avoid deprecation.


- CVE-free libraries.


- Quick patches to address security issues or functional bugs.


- Upgrade dependencies to be compliant with underlying platforms.


- Continued support for observability and security platforms (and maybe new ones).



Applications are primarily built on top of a language SDK plus libraries. In most cases, the language SDKs are backed by reputed organizations, but the same cannot be confidently said about dependencies. Often these dependencies are sourced from publicly available package management solutions like NPM and GitHub/Maven repositories. We have been witnessing incidents wherein:


- A rogue developer takes over commonly used libraries and causes catastrophic damage.


- Libraries managed by individual contributors are suddenly left orphaned due to lack of interest or time.


- There are no insights or roadmap about future releases.


- Conflicting dependencies due to multiple sources.



Does that mean avoiding open-source contributions and relying only on commercial technologies? One can build an entire dependency chain in-house, but that's not always an option. This is where organizations like Apache and Spring have been providing reliable software and releasing timely updates. What makes more sense: dependencies with no clear visibility into the future, or an established organization with the right amount of funding releasing software? Only a limited number of language ecosystems are backed by solid communities.



Most of the time, the people who develop the software are not the ones who support it in production. It is important to understand that the choice of a language for development cannot be based on comfort level, but on a deep understanding of what the future holds.

 
 
 
