Dependency Management

What is dependency management?

     Software projects rarely work in isolation. In most cases, a project relies on reusable functionality in the form of libraries or is broken up into individual components to compose a modularized system. Dependency management is a technique for declaring, resolving and using dependencies required by the project in an automated fashion. Dependency management is a very important discipline for a project manager.  It is the “D” in RAIDs management.In simple terms, a dependency is where a task, milestone or activity is dependent on another task or milestone being completed before it can start or be completed.

     It is possible for a project to have intra-dependencies. This is where tasks, milestones, etc within the same project are dependent on each other. The other type of dependency is external. This is where the dependency is on a different project, programme or even business as usual.

     A project manager must be aware of all of the dependencies for their project.  The reason is simple, if a dependency is not met, the successful delivery of the project may be threatened.

     A smart project manager should call on the services of the  PMO, a good, value adding PMO will be able to facilitate and manage external dependencies as a project manager should have the empowerment and oversight to manage intradependencies.

How to capture dependencies

     You will see lots of articles and diagrams that show wonderful process flows for managing dependencies. However, the real skill is identifying what are the dependencies that need to be worried about. This is not an exact science and difficult to fully document. However, the following to be a good approach.

1. Awareness sessions

     Get all of the projects and programmes into a workshop, ideally no more than 2 hours. Ahead of the meeting get each project to prepare a one page slide using a standard format. This should provide:

• Project name
• Sponsor
• Project Manager
• Start / end dates
• Current status
• Business area / function
• Overview of the project
• Business process being changed
• Platforms being implemented / changed
• Key milestones
• Key issues / risks

     In the actual meeting, the PMO lead should set the scene by stating the purpose of the session is to identify any dependencies between projects.  Each sponsor / project manager will then briefly discus their project.  This will allow other project managers to ask questions and identify potential dependencies i.e. where 2 different projects are trying to change the same system at the same time.

At the end of the session you should have:

• List of potential dependencies
• Possible dependencies with clear actions for the appropriate project managers to discus after meeting

     The PMO can then spend time reviewing and cleansing the list.  Working out the exact milestones where the dependency exists and then play this back to the project managers to agree

2. Agree dependencies

     When all of the dependencies have been captured, it is then necessary to work with the project managers on either side of a dependency to confirm and agree that the dates are realistic and achievable.  If not, one of the projects will probably need to re-plan.  The aim is to have all parties in agreement on the delivery date.

3. Monitor and control

     The now should be a clear view of dependencies and the associated milestones in the different plans.  The PMO should track progress against these critical milestones as part of the regular meetings and reporting.  When a milestone looks like it is slipping, they can quickly explore if it will be missed and then start the dialogue with the receiving project so as to assess impact and mitigating actions. However, it is important that each project manager monitors the dependencies that are important for their project.  The same way risks and issues should be reviewed, the project manager and / or the project team should check to make sure that all deliveries on which they are dependent, are on track.

Dependency tools

• Unique Reference – used to identify dependency

• Description – used to briefly describe the dependency

• Enabling Programme / Project – who must deliver the task, milestone, etc (sometimes known as the ‘giver’)

• Task / Milestone Description – details of the exact milestone / Task that must be delivered

• Dependent Programme – who needs the task, milestone to be delivered (sometimes known as the ‘receiver’)

• Dependent Task / Milestone – details of milestone / task that needs the delivery

• Delivery Date – date dependency must be delivered by to not cause a delay in dependent project

• Probability – probability that dependency will not be met in required timeline

• Impact – impact of dependency not being delivered in required timeline

• Status – open, closed, etc

• Owner – who owns the dependency

• Date Raised – date dependency was raised

     In a similar way to the management of risks, issues and assumptions, the simple method of recording and monitoring dependencies is by using a dependency register. This should typically capture: Other fields can be added to indicate if dependency is on the critical path, etc. However, the above fields should allow for the management of external dependencies.

1. NPM

     I couldn’t write this guide without giving credit to the Node Package Manager. Built on Node.js, this system powers a tremendous repository of 100,000+ packages and modules.

     Each project can use a package.json file setup through NPM and even managed with Gulp(on Node). Dependencies can be updated and optimized right from the terminal. And you can build new projects with dependency files and version numbers automatically pulled from the package.json file. NPM is valuable for more than just dependency management, and it’s practically a must-know tool for modern web development. If you’re confused please check out this Reddit thread for a beginner’s explanation.

2. Bower

     The package management system Bower runs on NPM which seems a little redundant but there is a difference between the two, notably that NPM offers more features while Bower aims for a reduction in filesize and load times for frontend dependencies.

     Some devs argue that Bower is basically obsolete since it runs on NPM, a service that can do almost everything Bower can do. Generally speaking this isn’t wrong. But devs should realize Bower can optimize the workflow specifically with frontend dependencies. I recommend Ben McCormick’s article Is Bower Usefulto learn more about the value offered from both package management tools.

3. RubyGems

     RubyGems is a package manager for Ruby with a high popularity among web developers. The project is open source and inclusive of all free Ruby gems. To give a brief overview for beginners, a “gem” is just some code that runs on a Ruby environment. This can lead to programs like Bundler which manage gem versions and keep everything updated.

     Rails developers will love this feature, but what about frontend packages? Since Ruby is open source, developers can build projects like Bower for Rails. This brings frontend package management to the Ruby platform with a small learning curve.

4. RequireJS

     There’s something special about RequireJS in that it’s primarily a JS toolset. It can be used for loading JS modules quickly including Node modules. RequireJS can automatically detect required dependencies based on what you’re using so this might be akin to classic software programming in C/C++ where libraries are included with further libraries.

     You’ll find an interesting GitHub discussion on this topic and the value it offers modern web developers. Granted other JS management tools like webpack have popped up, RequireJS still works in production environments. And if it works for you that’s all that matters.

5. Jam

     Browser-based package management comes in a new form with JamJS. This is a JavaScript package manager with automatic management similar to RequireJS. All your dependencies are pulled into a single JS file which lets you add and remove items quickly. Plus these can be updated in the browser regardless of other tools you’re using (like RequireJS).

     Libraries are updated based on the latest versions through the terminal. Each project can be created automatically with optimized components based on your needs. Jam is free on GitHub and worth a look if you have the time.

6. Browserify

     Most developers know of Browserify even if it’s not part of their typical workflow. This is another dependency management tool which optimizes required modules and libraries by bundling them together. These bundles are supported in the browser which means you can include and merge modules with plain JavaScript. All you need is NPM to get started and then Browserify to get moving.

7. Mantri

     Still in its early stages of growth, MantriJS is a dependency system for mid-to-high level web applications. Dependencies are managed through namespaces and organized functionally to avoid collisions and reduce clutter.

     Mantri is currently at v0.2.2 at the time of writing. It’s completely open sourceand built for more complex web applications that require large bundles of dependencies. Mantri aims to follow modular programming practices and hopes to encourage developers onto the same path.

8. Volo

     The project management tool volo is an open source NPM repo that can create projects, add libraries, and automate workflows. Volo runs inside Node and relies on JavaScript for project management. A brief intro guide can be found on GitHub explaining the installation process and common usage. For example if you run the command volo create you can affix any library like HTML5 Boilerplate.

     But aside from creating new projects you can also add/update libraries for older projects. Volo ties into everything you would need for frontend development. Check out volo’s design goals to see how it operates in a real-world project.

9. Ender

     Ender is the “no-library library” and is one of the lightest package managers you’ll find online. It allows devs to search through JS packages and install/compile them right from the command line. Ender is thought of as “NPM’s little sister” by the dev team.

     Naturally the whole Ender framework is available for free on GitHub. It’s simply a tool that you install to help manage consumption of frontend JavaScript frameworks for local projects. Everything is meant to run with ease to the fullest potential for a frontend developer’s workflow. The main Ender website has quality documentation so it’s worth a glance if you’re interested.

10. pip

     The recommended method for installing Python dependencies is through pip. This tool was created by the Python Packaging Authority and it’s completely open source just like Python itself.

     The majority of Python developers recommend pip for dependencies including the Django team. Whether you’re just getting started with Python or already use it consistently with backend development, this is a package manager you’ll be glad to have in your toolbox.

11. Composer

     Composer is a package manager very similar to NPM, but it’s focused solely on PHP libraries. You can find a list of dependencies on Packagist which includes large PHP frameworks such as Laravel. If you’re a PHP developer of any kind I seriously recommend looking into Composer. It’s easy to get started but difficult to fit into your workflow. However with practice it’ll become a staple for PHP dev projects.

     This is a versatile tool with the potential to grow even larger in time. Plus NPM can mix with Composer to create a frontend + backend dependency management system for all your PHP/JS projects.