NIH Is Far Cheaper Than The Wrong Dependency
https://lewiscampbell.tech/blog/250718.html
Saved on 2025-07-18 [20287 edays] via lewiscampbell.tech
Modified 2025-07-18 [20287 edays]
cybersecurity programming

A framework for evaluating the risks of taking on software dependencies.

Ubiquity

How widely available is it? Are target environments likely to have it pre-installed? Will we need to complicate deployment with containerisation or bundling?

Stability

How frequent are breaking changes, deprecations, or shifts in the "meta"?

Depth

How much functionality lies beneath the API/interface? How much harder would it be to do without the dependency?

Ergonomics

Is the abstraction it provides declarative? Is the API pleasant to use?

Watertightness

Does the abstraction leak? How often must you consider the underlying technology?
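The Depth and Ubiquity questions above have a concrete supply-chain side: a dependency rarely arrives alone, and what you inherit is the whole transitive tree, including anything that is not pinned in your lockfile. The script below is an added example, not code from the post or its author; it walks a constructed package graph (the `SAMPLE_GRAPH` adjacency map is invented for illustration and is not any real lockfile format), reports the transitive count and depth, flags packages referenced but never resolved, and measures how much would disappear if one direct dependency were replaced with in-house code.

```python
"""Size up what a candidate dependency really pulls in (added example).

The graph is a constructed stand-in for a resolved lockfile: each key is a
package, each value is its list of direct dependencies. A package that is
referenced but has no entry of its own is treated as unresolved, which in a
real lockfile would mean an unpinned or missing package to chase down.
"""
from collections import deque

# Constructed sample graph, not taken from any real project. "ghostlib" is
# referenced by "validator" but has no entry of its own on purpose.
SAMPLE_GRAPH = {
    "app": ["webframework", "tinyutil"],
    "webframework": ["templating", "httpcore", "validator"],
    "templating": ["markupsafe"],
    "httpcore": ["sniffio", "h11"],
    "validator": ["typing-ext", "ghostlib"],
    "tinyutil": [],
    "markupsafe": [],
    "sniffio": [],
    "h11": [],
    "typing-ext": [],
}


def transitive_deps(graph, root):
    """Breadth-first walk from root; returns {package: depth} for every
    package reachable from root, excluding root itself. Cycles are safe
    because each package is recorded the first time it is seen."""
    depth = {root: 0}
    queue = deque([root])
    while queue:
        pkg = queue.popleft()
        for dep in graph.get(pkg, []):
            if dep not in depth:
                depth[dep] = depth[pkg] + 1
                queue.append(dep)
    del depth[root]
    return depth


def dependency_report(graph, root):
    """Summarise the tree beneath root: how many packages, how deep, and
    which referenced packages have no resolved entry in the graph."""
    deps = transitive_deps(graph, root)
    return {
        "count": len(deps),
        "max_depth": max(deps.values(), default=0),
        "unresolved": sorted(p for p in deps if p not in graph),
    }


def pulled_in_by(graph, root, candidate):
    """Packages (including candidate) that would leave the tree if root no
    longer depended on candidate. Everything else is shared with other
    direct dependencies and would stay even if candidate were replaced."""
    trimmed = dict(graph)
    trimmed[root] = [d for d in graph.get(root, []) if d != candidate]
    before = set(transitive_deps(graph, root))
    after = set(transitive_deps(trimmed, root))
    return before - after


if __name__ == "__main__":
    print(dependency_report(SAMPLE_GRAPH, "app"))
    for direct in SAMPLE_GRAPH["app"]:
        gone = pulled_in_by(SAMPLE_GRAPH, "app", direct)
        print(f"replacing {direct!r} removes {len(gone)} package(s): {sorted(gone)}")
```

Run against a real project, the `SAMPLE_GRAPH` map would be built from the resolved lockfile; the interesting numbers are the per-dependency `pulled_in_by` sizes, which put a figure on the "how much harder would it be to do without" question, and the `unresolved` list, which should be empty before the dependency is accepted.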