Waaaay back when (yes, it was eight years ago, an eternity in software development), I wrote a post on my old blog about using “Code from the Internet”. In those days, for me and my readers that meant finding some C# code from some blog post somewhere out there written by some Joe Blow and using it in your own app. These days however, if you’re doing any kind of web development, you’re going to be pretty well using a whole bunch of code from the internet, and in general from that internet outpost called GitHub.
Back then, my recommendation was to read and understand the code you were about to, er, recycle, and to sanitize it, if you felt that was needed. This is exactly what I did with the server code behind the URL shortener I use for jmbk.nl: read it to understand it, clean it up, remove the bits I didn’t want, add new stuff I did, rename the API identifiers, make it work on Azure, add authentication, and so on. After all, it was first written in 2009.
These days, with jQuery, Angular, Knockout, React, etc., etc., you just do not have the time, resources, or inclination to do a deep dive. Instead, you rely on what might be called a crowd effect: if lots of developers are discussing and using and maintaining some library you’re about to consider, then you’re more likely to view that code as a black box that can be used as is without too much worry.
I’d espouse a few tactics:
Above all, remember that most open source libraries are, well, ahem, crap. They’re uploaded once and never touched again. And note I count some of my own open source libraries among that illustrious set.
Open source libraries (or to use my old term, code from the internet) are a great way to expand the capabilities of your apps, especially client-side. But be aware that just because they’re “free” doesn’t mean that the cost to use them is zero.