Some modules are well known and trusted (e.g. requests in Python, React in JS) and many components (Postgres, Redis, Sqlite) enjoy a good reputation, they are "battled tested" - but how about less well-known open source projects?<p>Short of studying the source code oneself, a lot of developers rely on Github stars, but that heuristic seems flawed.<p>How do you approach discovery and evaluation of open source modules and components for production use?
1. Google for different keywords describing your use case. If you've exhausted Google, search your Lang's package repository directly (Google tends to only show a couple results per page)<p>2. Is it solving your problem?<p>2. Check low resolution metrics like stars, open issues, size or recency of commits. Weigh that against your use case. For example if it's a niche, stars matter less. If the requirements are well defined and in a slow moving space, recency matters less. Etc.
If it's doing something big and fundamental for you, make sure that it has enough contributors who are likely to not suddenly stop contributing (preferably businesses whose success is tied to it).<p>3. Read the docs, examples/demos, tests etc. Find posts by people applying it for similar use cases. Does it solve your particular problem well (incidental vs inherent complexity)? Read through some of its GitHub issues to get a feel for the maturity, usability and support of the project.<p>4. Loop through those steps until you find something that holds up. If everything speaks for it except for longevity concerns start reading the code and consider whether you'd be able to contribute to it.