I needed a functionality on my website. I've found a plugin to do exactly that. "Wonderful! I won't have to program that". This is what I thought before the plugin broke my website. The homepage looked like a mess. This happened to me a few times. I used an other plugin which was fine. Until a mandatory update had a big negative impact. I just stopped using it, which cost me too much hours of work.
I don't want to reinvent the wheel everytime I need something. So I still use plugins. I am just very careful. I don't want to spend hours trying to find a bug added by a plugin.
Can you understand the code?
With the Internet it's fairly easy to find pieces of codes: plugins, code snippets, templates, ruby gems... Often they are used as black boxes, full of magic. We have to open the box to find how it works.
When you look at the code you may find it covers edge cases you don't need. Maybe you can just fork the code and delete these edge cases.
If you want to be sure you understand the behaviour of a piece of code, I'd say the best is to code it yourself. Be inspired by other people work but write it yourself, seeing what each line of code do. Open source is really great for that purpose.
There is a particular case. Well, if the source code is not available or only available minified then we have a problem. We can't read the code.
Bad effects of bad plugins
Bad plugins will bring various bad side-effects:
When a plugin is needed, be really picky
For many plugins there are alternatives plugins. Here is how I choose: I seek independent plugins. An independent plugin won't rely on other plugins. It will work on its own. This is especially important when the plugin will be updated. On the long run I find these independent plugins more reliable.
I choose plugins depending on the authors or recommandations. It decreases the risk I take by choosing them.
I choose a plugin which doesn't do more than I need.
When there is just one plugin doing something I need I may use it with a lot of care.
Everyone runs into this issue
I guess this plugin issue can be extended. Isn't it the same thing when we install softwares on computer or smartphone? Or when you bring someone new inside a group of people?