Explicit is better than implicit

Clarity is key: being explicit makes your code more readable and maintainable.

Trevor I. Lasn Trevor I. Lasn
· 4 min read
Building 0xinsider.com — see who's winning across prediction markets (Polymarket, Kalshi, and more) — and what they're trading right now.

I’m convinced that implicitness leads to a higher WTF per Minute (WTFPM) in the long run.

WTF per Minute

Implicitness requires the coder to remember hidden details instead of having them clearly defined in the code. For example, can you tell me why we’re adding “10” here?

JavaScript
// Implicit (bad)
function calculateSalary(a, b) {
  return a + b + 10;  // a?? b?? WTF is 10?
}

Exactly, that was the point. No one can tell what “10” represents except the person who wrote it, and that’s awful in my opinion. If you have a team of engineers working on a project, how can anyone possibly navigate the codebase with such ambiguity?

Instead of implicitly adding “10”, we can prevent future headaches by simply creating a clear variable for the bonus. In my view, relying too heavily on implicit behavior can cause confusion and make managing the codebase more difficult.

JavaScript
// Explicit (good)
function calculateSalary(cash, equity) {
  const bonus = 10; // Explicit bonus variable
  return cash + equity + bonus;
}

Tim Peters’ second point in The Zen of Python states, “Explicit is better than implicit,” and I couldn’t agree more.

Imagine a function that grants access to different parts of a system based on a user’s role. In this example, implicit behavior leads to confusion about which roles have which permissions, making the code difficult to maintain.

JavaScript
// Implicit (bad)
function grantAccess(user) {
  if (user.role === 'admin') {
    return ['read', 'write', 'delete'];  // Full access
  }


  if (user.role === 'editor') {
    return ['read', 'write'];  // Editors can't delete
  }


  if (user.role === 'viewer') {
    return ['read'];  // View-only access
  }


  // Implicit fallback
  return ['none'];  // WTF is 'none'?
}


function showAccessControls(user) {
  const permissions = grantAccess(user);


  if (permissions.includes('read')) {
    console.log("User has read access.");
  }
  if (permissions.includes('write')) {
    console.log("User has write access.");
  }
  if (permissions.includes('delete')) {
    console.log("User has delete access.");
  }
}


// Example usage
const user1 = { name: "Alice", role: "admin" };
const user2 = { name: "Bob", role: "viewer" };
const user3 = { name: "Charlie", role: "guest" };  // Implicit 'none' fallback


showAccessControls(user1);  // Has all access
showAccessControls(user2);  // Read-only access
showAccessControls(user3);  // No access, but why?

The access control is handled with hard-coded roles and magic strings like ‘none’, making it unclear and unmanageable as more roles are added. Permissions are scattered throughout the code, leading to confusion and maintenance issues for future developers.

JavaScript
// Explicit (good)
const ROLE_PERMISSIONS = {
  admin: ['read', 'write', 'delete'],
  editor: ['read', 'write'],
  viewer: ['read'],
  guest: []  // Explicitly defining guest permissions
};


function grantAccess(user) {
  const permissions = ROLE_PERMISSIONS[user.role] || ROLE_PERMISSIONS['guest'];
  return permissions;
}


function showAccessControls(user) {
  const permissions = grantAccess(user);


  if (permissions.includes('read')) {
    console.log(`${user.name} has read access.`);
  }
  if (permissions.includes('write')) {
    console.log(`${user.name} has write access.`);
  }
  if (permissions.includes('delete')) {
    console.log(`${user.name} has delete access.`);
  }
  if (permissions.length === 0) {
    console.log(`${user.name} has no access.`);
  }
}


// Example usage
const user1 = { name: 'Alice', role: 'admin' };
const user2 = { name: 'Bob', role: 'viewer' };
const user3 = { name: 'Charlie', role: 'guest' };


showAccessControls(user1);  // Alice has read, write, and delete access.
showAccessControls(user2);  // Bob has read access.
showAccessControls(user3);  // Charlie has no access.

Why Explicit is Better

  • Explicit Mapping: The ROLE_PERMISSIONS object clearly defines each role and its corresponding permissions.

  • Clarity: By making permissions explicit, there’s no need for magic strings or conditionals scattered across the codebase.

  • Maintainability: Future roles or changes to permissions can be easily updated in one place.

In my opinion, “Explicit is better than implicit” is about choosing clear, direct code over concise but potentially ambiguous alternatives. This principle puts readability and maintainability first, even if it means writing slightly more verbose code.

By being explicit, the intentions behind the code are obvious, making it easier for any developer to understand and work with the codebase.

Trevor I. Lasn

Building 0xinsider.com — see who's winning across prediction markets (Polymarket, Kalshi, and more) — and what they're trading right now. Product engineer based in Tartu, Estonia, building and shipping for over a decade.

Found this article helpful? You might enjoy my free newsletter. I share dev tips and insights to help you grow your coding skills and advance your tech career.

Related Articles

Check out these related articles that might be useful for you. They cover similar topics and provide additional insights.

Webdev
4 min read

Speed Up Your Website With rel='preconnect' and increase PageSpeed Insights Score

Using link rel='preconnect' can improve your website's performance by reducing connection setup times to key external domains.

Sep 13, 2024
Read article
Webdev
4 min read

Open Dyslexic Font: Improve Your Web Accessibility

How to implement the Open-Dyslexic font to enhance readability for users with dyslexia

Oct 12, 2024
Read article
Webdev
4 min read

Remove Unnecessary NPM Packages with eslint-plugin-depend

We don't need packages to handle basic JavaScript tasks

Aug 13, 2024
Read article
Webdev
3 min read

HTML Details Element: The Native Accordion You're Not Using

Discover how the HTML details element can replace your JavaScript accordions and why it might be better than your current solution

Dec 10, 2024
Read article
Webdev
4 min read

Self-Taught Developer's Guide to Thriving in Tech

How to turn your non-traditional background into your biggest asset

Sep 28, 2024
Read article
Webdev
5 min read

Programming Trends to Watch in 2020 and Beyond

Here are my bets on the programming trends

Jul 19, 2019
Read article
Webdev
4 min read

HTTP CONNECT: Building Secure Tunnels Through Proxies

Understand how HTTP CONNECT enables HTTPS traffic through proxies

Nov 28, 2024
Read article
Webdev
3 min read

CVE-2025-29927 - Next.js Middleware Bypass Explained In Simple Terms

The vulnerability skips Next.js middleware security checks by adding a single HTTP header

Apr 6, 2025
Read article
Webdev
4 min read

How To Implement Content Security Policy (CSP) Headers For Astro

Content Security Policy (CSP) acts like a shield against XSS attacks. These attacks are sneaky - they trick your browser into running malicious code by hiding it in content that seems trustworthy. CSP's job is to spot these tricks and shut them down, while also alerting you to any attempts it detects.

Oct 16, 2024
Read article
all articles

This article was originally published on https://www.trevorlasn.com/blog/explicit-is-better-than-implicit. It was written by a human and polished using grammar tools for clarity.