The dark side of spreadsheet scripts
Scripts are powerful—but they have hidden costs.
Eric Koleda
Developer Advocate at Coda
Blog > Productivity · 5 min read
The dark side: adaptation
I just need one more column of data.
If the original author of the script is still around, you’ll need to get their time and attention, communicate the new requirements, and likely do some testing to make sure it’s working. In many cases, the author has moved on, and you must find someone else comfortable writing code, which can be a rare skill outside of engineering organizations. Additionally, updating a script usually comes with a degree of archeology. Scripts are notorious for being written quickly, with little attention given to documentation or code organization. Even if you originally wrote the script, figuring out how it works months or years later can be difficult and error-prone.
The dark side: fragility
It was working yesterday, I think.
- They commonly hardcode values or fail to provide flexibility, as authors often build them as short-term solutions.
- They almost never include test cases or automated testing, which are features even professional developers struggle to prioritize.
- They tend to touch multiple different technologies, as their goal is often to integrate data or workflows across systems.
- They lack a dedicated engineering team that can proactively tackle migrations, instead of waiting for the script to break and someone to notice it.
The dark side: organizational risks
Does anyone know where that script lives?
If you took an X-ray of any large company, you’d find that a ton of critical business operations rely on scripts. However, that sort of X-ray doesn’t exist, so these scripts are often part of a company’s “Shadow IT.” While CTOs have the tools needed to evaluate the cost of switching from AWS to Azure and the cost of switching from Excel to Google Sheets, migrating all of the associated scripts is almost impossible to measure. Even without any migrations, scripts make life complicated for IT. Managing corporate data security and privacy becomes difficult when there is no central way to discover or monitor these scripts. Additionally, transferring ownership of a critical script to IT usually involves a complete rewrite on another platform, as scripting environments usually lack the ability to integrate with the company’s developer tooling.
Coda Packs
A happy ending: Packs
- Flexibility from the start: Packs aren’t tied to a specific doc but instead provide generic “building blocks” like formulas, column formats, and buttons. They define a set of inputs and outputs, but the exact source and destination aren’t specified in the code. Instead, you add these elements to your docs and wire them together as needed.
- Single purpose: By default, Packs can only send requests to a single domain. This means that each Pack can only connect to a single app, service, or API. You can integrate across systems by chaining multiple Packs together.
- Visibility and controls: You can easily see which Packs are running in your docs, and your IT team can use the Admin API to monitor and report on Packs across the organization. Admins can set controls for how Packs can be used within the organization, approving individual Packs and allowing you to request new ones.
- Developer-friendly: Packs can start their life in the Pack Studio and later be migrated to use your company’s developer tools. The Pack SDK and CLI allow you to write and run code on your local machine, create test suites, and utilize continuous integration and version control.