Explicit is better than implicit

Clarity is key: being explicit makes your code more readable and maintainable.

Trevor I. Lasn Trevor I. Lasn
· 4 min read
Building 0xinsider.com, the intelligence layer for prediction markets. Discover what's moving, see who's behind it, and find the edge before the crowd.

I’m convinced that implicitness leads to a higher WTF per Minute (WTFPM) in the long run.

WTF per Minute

Implicitness requires the coder to remember hidden details instead of having them clearly defined in the code. For example, can you tell me why we’re adding “10” here?

JavaScript
// Implicit (bad)
function calculateSalary(a, b) {
  return a + b + 10;  // a?? b?? WTF is 10?
}

Exactly, that was the point. No one can tell what “10” represents except the person who wrote it, and that’s awful in my opinion. If you have a team of engineers working on a project, how can anyone possibly navigate the codebase with such ambiguity?

Instead of implicitly adding “10”, we can prevent future headaches by simply creating a clear variable for the bonus. In my view, relying too heavily on implicit behavior can cause confusion and make managing the codebase more difficult.

JavaScript
// Explicit (good)
function calculateSalary(cash, equity) {
  const bonus = 10; // Explicit bonus variable
  return cash + equity + bonus;
}

Tim Peters’ second point in The Zen of Python states, “Explicit is better than implicit,” and I couldn’t agree more.

Imagine a function that grants access to different parts of a system based on a user’s role. In this example, implicit behavior leads to confusion about which roles have which permissions, making the code difficult to maintain.

JavaScript
// Implicit (bad)
function grantAccess(user) {
  if (user.role === 'admin') {
    return ['read', 'write', 'delete'];  // Full access
  }


  if (user.role === 'editor') {
    return ['read', 'write'];  // Editors can't delete
  }


  if (user.role === 'viewer') {
    return ['read'];  // View-only access
  }


  // Implicit fallback
  return ['none'];  // WTF is 'none'?
}


function showAccessControls(user) {
  const permissions = grantAccess(user);


  if (permissions.includes('read')) {
    console.log("User has read access.");
  }
  if (permissions.includes('write')) {
    console.log("User has write access.");
  }
  if (permissions.includes('delete')) {
    console.log("User has delete access.");
  }
}


// Example usage
const user1 = { name: "Alice", role: "admin" };
const user2 = { name: "Bob", role: "viewer" };
const user3 = { name: "Charlie", role: "guest" };  // Implicit 'none' fallback


showAccessControls(user1);  // Has all access
showAccessControls(user2);  // Read-only access
showAccessControls(user3);  // No access, but why?

The access control is handled with hard-coded roles and magic strings like ‘none’, making it unclear and unmanageable as more roles are added. Permissions are scattered throughout the code, leading to confusion and maintenance issues for future developers.

JavaScript
// Explicit (good)
const ROLE_PERMISSIONS = {
  admin: ['read', 'write', 'delete'],
  editor: ['read', 'write'],
  viewer: ['read'],
  guest: []  // Explicitly defining guest permissions
};


function grantAccess(user) {
  const permissions = ROLE_PERMISSIONS[user.role] || ROLE_PERMISSIONS['guest'];
  return permissions;
}


function showAccessControls(user) {
  const permissions = grantAccess(user);


  if (permissions.includes('read')) {
    console.log(`${user.name} has read access.`);
  }
  if (permissions.includes('write')) {
    console.log(`${user.name} has write access.`);
  }
  if (permissions.includes('delete')) {
    console.log(`${user.name} has delete access.`);
  }
  if (permissions.length === 0) {
    console.log(`${user.name} has no access.`);
  }
}


// Example usage
const user1 = { name: 'Alice', role: 'admin' };
const user2 = { name: 'Bob', role: 'viewer' };
const user3 = { name: 'Charlie', role: 'guest' };


showAccessControls(user1);  // Alice has read, write, and delete access.
showAccessControls(user2);  // Bob has read access.
showAccessControls(user3);  // Charlie has no access.

Why Explicit is Better

  • Explicit Mapping: The ROLE_PERMISSIONS object clearly defines each role and its corresponding permissions.

  • Clarity: By making permissions explicit, there’s no need for magic strings or conditionals scattered across the codebase.

  • Maintainability: Future roles or changes to permissions can be easily updated in one place.

In my opinion, “Explicit is better than implicit” is about choosing clear, direct code over concise but potentially ambiguous alternatives. This principle puts readability and maintainability first, even if it means writing slightly more verbose code.

By being explicit, the intentions behind the code are obvious, making it easier for any developer to understand and work with the codebase.

Trevor I. Lasn

Building 0xinsider.com, the intelligence layer for prediction markets. Discover what's moving, see who's behind it, and find the edge before the crowd. Product engineer based in Tartu, Estonia, building and shipping for over a decade.

Found this article helpful? You might enjoy my free newsletter. I share dev tips and insights to help you grow your coding skills and advance your tech career.

Related Articles

Check out these related articles that might be useful for you. They cover similar topics and provide additional insights.

Webdev
6 min read

How I Use Vercel BotID to Stop Bots on Auth Endpoints

BotID verifies browser challenges before proxying to the backend. Here's how I set it up in Next.js 16.

Feb 16, 2026
Read article
Webdev
6 min read

Integrating Docker with React

Streamline your development and deployment processes

Jul 16, 2020
Read article
Webdev
8 min read

Why localStorage Is Unsafe for Tokens and Secrets

localStorage is vulnerable to XSS and has no expiry or encryption. Learn why httpOnly cookies and sessionStorage are safer for auth tokens.

Oct 28, 2024
Read article
Webdev
3 min read

Preloading Responsive Images

How to properly preload responsive images to improve initial page load

Nov 28, 2024
Read article
Webdev
4 min read

Self-Taught Developer's Guide to Thriving in Tech

How to turn your non-traditional background into your biggest asset

Sep 28, 2024
Read article
Webdev
3 min read

Form Validation That Doesn't Annoy Users: CSS :user-valid and :user-invalid

The new pseudo-classes :user-valid and :user-invalid give us a smarter way to style form validation states based on user interaction

Dec 12, 2024
Read article
Webdev
14 min read

AEO and GEO for AI Overviews, ChatGPT, Claude, Gemini, and Perplexity

What Answer Engine Optimization and Generative Engine Optimization mean, and how to get your site cited by AI Overviews, ChatGPT, Claude, Perplexity, and Gemini.

May 17, 2026
Read article
Webdev
5 min read

Mermaid.js — Create Charts and Diagrams With Markdown-like Syntax

Mermaid.js is a simple markdown-like script language for generating charts from text via JavaScript

Oct 30, 2019
Read article
Webdev
4 min read

How To Implement Content Security Policy (CSP) Headers For Astro

Content Security Policy (CSP) acts like a shield against XSS attacks. These attacks are sneaky - they trick your browser into running malicious code by hiding it in content that seems trustworthy. CSP's job is to spot these tricks and shut them down, while also alerting you to any attempts it detects.

Oct 16, 2024
Read article
all articles

This article was originally published on https://www.trevorlasn.com/blog/explicit-is-better-than-implicit. It was written by a human and polished using grammar tools for clarity.