External Dependencies

Updated: May 12th 2021

When developers create new websites and apps, they regularly blend new code with pre-existing code using third-party libraries. These are known as external dependencies. Using third-party libraries can be a quick and easy way for developers to build websites and apps without the time-consuming task of creating new code. But you should be aware that using third-party libraries means giving up some degree of control, which could come with some security risks. There’s no guarantee that a third-party application regularly updates its security measures and there’s often no way to tell, especially if the library is not open-source. But that doesn’t mean you shouldn’t use third-party libraries at all. 

Best Practices

  • Use popular third-party libraries that have a large supporting community. These libraries tend to make regular updates and communicate with their community. You’ll also have fellow users to ask questions or express concerns.
  • Use open-source libraries that provide access to the source code so you can identify any issues with quality or security loopholes.
  • Make sure your chosen third-party libraries contain the correct licenses and specifications for whatever you intend to use the library for.

This guide from Google walks you through how to use Chrome DevTools, PageSpeed Insights, and WebPageTest to determine how many third-party scripts are loaded on a site and measure their speed impact.