+ 1

TODOs in external dependencies

I found out today that there are 13 TODO items in one of the Packagist components (nikic/php-parser) installed in my project. Some of them seem to be quite relevant like - TODO Add <?php properly - TODO These need to be treated more carefully (and some commented out code🤨) I am very confused since I don't even know what the component does. It was installed by another component (slim/slim). Is this normal? As anyone experienced this?

20th Jul 2020, 12:08 PM
Ore
Ore - avatar
6 odpowiedzi
+ 1
Not really, todos should be removed / solved for production versions. If you're trying any sort of beta-version or a rarely used lib which is maintained only by few developers, this might happen. But me, it wouldn't make too trustful. You can probably check the project's state on web, if it's open source. Might be enlightening... If the number of todos increases with updates, I would for sure remove it and look for alternatives.
20th Jul 2020, 1:42 PM
Sandra Meyer
Sandra Meyer - avatar
+ 2
Sandra Meyer I agree. It is weird how a lot of people use it anyway. I checked the version again to confirm it was a major release not a beta version or sort of.
20th Jul 2020, 3:23 PM
Ore
Ore - avatar
+ 1
Sandra Meyer Thanks. It is actually a popular packagist component and still actively used which is strange. https://packagist.org/packages/nikic/php-parser Anyways, I ran "composer.phar show" to check all my dependencies in use. Turns out it was not in use. It was probably a remnant of something I deleted manually. I deleted it and my program still seems to work fine.
20th Jul 2020, 2:09 PM
Ore
Ore - avatar
+ 1
Would not be acceptable for me. In my job context, I would not even approve such code for production. Even for purely and exclusively internal used software, this was not allowed in any of my projects, in most cases actually forbidden by the devs head. I can deal quite good with minor issues, but I would at least claim a ticket for that, so everybody knows where and what are the minor issues and for the purpose to provide a known issues list. Not sure what three background of this piece of code might be, but for me it's not acceptable at all. Especially if the software is intended to be used by quite a lot of people within many installations. Hope it's not relevant 👍
20th Jul 2020, 2:34 PM
Sandra Meyer
Sandra Meyer - avatar
+ 1
Btw. commented out should be marked as deprecated.
20th Jul 2020, 2:36 PM
Sandra Meyer
Sandra Meyer - avatar
0
1 thing to add: if each todo was connected with a ticket number or something similar, it would be much more trustable for me. Then the devs might just use the keyword todo for filtering...
20th Jul 2020, 1:45 PM
Sandra Meyer
Sandra Meyer - avatar