10+ years evergreen

Key issues

Two key issues reduce the lifespan of enterprise software.

Volatile technologies

Many applications are built on technologies that change every few years, and each change triggers an upgrade cycle in the apps that depend on them. Common examples are the .NET, Java, Python and Node.js ecosystems. Teams must continuously learn and adapt to new standards and syntax, and apps sometimes require full rewrites when vendors change approach, e.g. .NET Framework to .NET Core, Python 2 to 3, etc. This forces enterprises either to dedicate significant resources to keeping up with the pace of upgrades or to risk running out-of-date software, which exposes them to security vulnerabilities and creates a fragmented IT system with components running on different versions.

Reliance on direct and indirect dependencies

Many applications these days are built on tens, if not hundreds, of dependencies, whether direct or indirect. The average Node.js dependency, for instance, has 79 other transitive dependencies, all of which have their own release cycle and compatibility considerations. This can force teams into “dependency hell”, where developers spend more time managing and resolving dependency-related issues like conflicting versions and incompatible libraries than working on new features or improvements.

All these dependencies are also potential vectors of attack: Sonatype’s 2023 report on the software supply chain industry noted that it had detected 245,032 malicious packages across the various open-source ecosystems in 2023, triple the number in 2022.

Our approach

We advocate building software using a small, core set of current technologies which prioritise stability and backwards compatibility. The primary backend language that we use is Go, which has been backwards-compatible and syntactically consistent since its public release in 2009. In all that time, Go has remained on version 1, and the co-founder of Go recently reaffirmed the language’s commitment to compatibility, emphasising that “Go 2, in the sense of breaking with the past and no longer compiling old programs, is never going to happen”. With Go, entire apps can be automatically migrated to the latest version and benefit from the latest security patches and quality-of-life upgrades, with no need for rewrites or upgrades.

We also support avoiding reliance on bloated frameworks or tools which introduce a large number of third-party dependencies. Any dependencies which we do use, such as htmx for frontend interactivity, are deliberately selected because they are lightweight, have a stable track record, and have no transitive dependencies.
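One way to enforce this policy in CI, as an added example that is not the authors' own code: a standard-library-only Go check that reads a `go.mod` file and reports any direct module outside an approved list, plus every module the go tool has marked `// indirect`. The module paths, the allowlist and the function name `Violations` are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// sampleGoMod is constructed for this example; every module path is a placeholder.
const sampleGoMod = `module example.com/evergreen-app
go 1.22
require example.com/approved/router v1.4.0
require (
	example.com/unvetted/orm v0.9.1
	example.com/transitive/yaml v1.0.1 // indirect
)`

// Violations parses go.mod text with the standard library only and reports
// direct modules missing from allow plus every module marked "// indirect".
func Violations(gomod string, allow map[string]bool) (v []string) {
	inBlock := false
	for _, line := range strings.Split(gomod, "\n") {
		line = strings.TrimSpace(line)
		if line == "require (" || (inBlock && line == ")") {
			inBlock = line != ")" // enter or leave a require block
			continue
		}
		rest, single := strings.CutPrefix(line, "require ")
		if !inBlock && !single {
			continue // module, go, replace, exclude and similar directives
		}
		code, comment, _ := strings.Cut(rest, "//")
		f := strings.Fields(code)
		switch {
		case len(f) < 2: // blank or comment-only line inside a block
		case strings.TrimSpace(comment) == "indirect":
			v = append(v, "transitive dependency: "+f[0])
		case !allow[f[0]]:
			v = append(v, "unapproved direct dependency: "+f[0])
		}
	}
	return v
}

func main() {
	allow := map[string]bool{"example.com/approved/router": true} // hypothetical allowlist
	fmt.Println(strings.Join(Violations(sampleGoMod, allow), "\n"))
}
```

A build step can fail whenever the returned slice is non-empty, so a new dependency needs an explicit allowlist change before it can merge.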

Using this approach, we envision that software will remain “evergreen”, which means enterprise software development teams can write an app and “fire and forget” without having to worry about constant upgrades or supply chain issues. Updates are so stable that CI/CD can take care of them automatically, and the app will continue to run for years to come.