Lightweight is the right weight


Dependencies matter. Every dependency you add to your project is an invitation to break your project.

You send that invitation to the direct dependency author, and every downstream author. Add dependencies with care. Evaluate the trade-offs between depending on another package/library and using existing functionality.

When you choose to depend on other projects, consider whether you will use the dependency in standard and common ways. You may want to look for an alternative if you would test the boundaries of its' functionality.


Articles discussing dependency management

Though the title is dramatic, Code dependencies are the devil provides a great overview of why dependencies should be added with care. It contains a set of questions to help you evaluate whether to add a project as a dependency.

Dirk Eddelbuettel wrote about dependency woes he experienced. He also includes examples of others' experiences.

Scott Chamberlain published a very nice blog post on limiting dependencies in R package development. Be sure to read the references as well.

Dirk Eddelbuettel took a great short introduction into getting started in R by Saghir Bashir and modified it to create a tinyverse edition that has a careful focus on dependency use.

Russ Cox offers a thoughtful essay entitled Our Software Dependency Problem detailing the (current) lack of best practices and tools to take full advantage of the (enormous) benefits available from responsible code reuse via carefully chosen dependencies.

Frank Chimero wrote an insightful post Everything Easy is Hard Again (based on two earlier talks) about toolchains and workflows (in the web development context) that is very relevant and insightful for the R development case too.


Stable dependencies need less work

Dirk Eddelbuettel created a project for Continuous Integration for R at Travis, GitHub, Azure, etc. that is the successor of the r-travis project. Dirk forked the r-travis project when the original project added many non-base R dependencies. Like r-travis, r-ci has few dependencies and aims to be very stable. A user (erikca) praised r-ci for its stability:

We've been running this for 6 months on Azure - and it has performed without any hiccup whatsoever (except the rare timeout here and there from the CI provider).