No, you can't use React, GreenSock, GitHub, or...š±
For various reasons ranging from compliance to performance to "not invented here", 3rd party libraries and solutions can't always be used. What can we do about it?
If youāve ever built something for or in a large organization (could be in the private, government, education, healthcare, finance, etc. sectors), you are probably too familiar with the constraints involved. This post may be quite illuminating if you havenāt had that opportunity yet! š”
The TL;DR
The libraries, frameworks, processes, and tools you would typically use for building something will be out-of-bounds in large organizations. There are many reasons for this, and Iāll capture some of the big ones in the following sections so that you are better aware of what to expect and do.
š Performance
With a few rare exceptions, the typical web app for a large organization is going to be slow. Like, really slow:
Large organizations donāt like this, and they will have invested a lot of time and effort with dedicated performance teams to help speed things up.
As a developer, this means you will have strict requirements around file size, network requests, and loading times that you will need to follow. Often, this means that your favorite web libraries are out the question. You canāt make requests to external resources. Any assets you generate need to be hyper-optimized:
For example, letās say you are tasked with building an awesome animation that will ship in the product. There are a few requirements. The in-house perf team tells you to keep the awesome animation you are trying to build under a 5k filesize, and you canāt use JavaScript. This means that time-savers like GreenSock and Lottie are out of the question!
What you can do: If you canāt use a net-new technical dependency, you may have to rely on vanilla HTML, CSS, and JS. If you canāt make any external requests (even within the same domain) for fetching assets, inlining content or base64-encoding things will start to look very appealing provided you stay within any file size constraints. Your ability to pull rabbits out of hats will definitely be tested! šŖ
āļø Licensing Requirements
You know that cool open source library you like to use? How about that free tool built by this awesome developer that simplifies many of your tasks? If the licensing for what you are trying to use is one that your team or organization has already vetted, you are golden. If the licensing is too restrictive OR alters the larger licensing of a product you are going to be shipping in, then you need to revisit.
Beyond usage-related licensing, many tools and services will have a separate commercial license that large organizations need to agree to. These licenses often have a different price point (aka not free) and may have additional restrictions that a hobbyist or small organization wonāt have to deal with.
What you can do: Most large organizations will have a dedicated team of legal specialists who can answer licensing related questions. Do double check and document that you have the green light to use any new dependency.
In many cases, this review will be quick and painless. For more complex situations, the costs and time involved in doing a thorough legal review may be too large of a bullet to bite. Your legal specialists are your friends here, so work with them on what a feasible outcome can be.
šµļø Privacy Implications
If you are going to be building something that collects any personally identifiable information (PII) such as e-mail addresses, user generated content (like photos or comments!), or more, large organizations have a greater responsibility to comply with local and worldwide regulations. If the information you will be needing to process is extremely sensitive such as financial or medical data, the requirements go even higher:
As is the recurring theme with weāve been talking about, this could mean your favorite service or tool may not work in the context of your organizationās requirements.
What you can do: Any tools or services that you use to collect and/or process any PII must be:
Aware of the worldwide regulations
Provide mitigations and tools to ensure everyone is on the safe side
Go through a privacy/legal review with your organization
Never take shortcuts here. The larger the organization, the larger any penalties for any missteps will be.
š Not Invented Here
Probably the most frustrating blocker, many organizations will have their own way of doing things that they donāt want to change. Some may be using their own in-house solution that may not be as good as an equivalent solution the broader developer ecosystem may enjoy:
What you can do: Donāt take it personally. See if an opportunity exists to very gently educate your stakeholders on why a different solution may be better for them, you, and the end-user. If such an opportunity doesnāt exist, just go with the flow on this one. Many have died on this hill, so donāt go joining them.
Itās Not You, Itās Not Anybody
Iāve built my career working exclusively in large organizations, and I have run into (and guided teams that have run into) hurdles like the ones listed many times. One way to think about this is as follows: Instead of seeing these requirements as demoralizing blockers, think of them as playing a video game on Hard mode difficulty orā¦just playing Dark Souls:
The satisfaction youāll get in shipping something meaningful in a large organization will be huge. The experiences and learnings you will have gained will give you an edge as you tackle greater and more impactful challenges.
Do keep in mind that the intent for many of these requirements isnāt to deliberately slow you down or make you suffer. Large organizations have different rules that they operate by and are measured against. The things you can get away with as a one person LLC are very different than what a large organization can get away with. Thatās either a good thing or a bad thing depending on how you look at it.
Wrapping Things Up
The recommendations I have provided here are not meant to be the definitive guide for what you should do for each situation. They are merely a pointer in the right direction. Use the resources available to you inside whichever organization you are working with on the specifics.
Can you relate to these? Did I miss any big ones? If so, do send me a tweet or post on the forums to let me know!
Cheers,
Kirupa š