External Dependencies

Updated: Nov 18th 2020

When developers create new websites and apps, they regularly blend new code with pre-existing code from third-party libraries, known as external dependencies. Using third-party libraries can be a quick and easy way for developers to build websites and apps without the time-consuming task of writing all of the code themselves. But you should be aware that using third-party libraries means giving up some degree of control, which could come with some security risks. There’s no guarantee that a third-party application regularly updates its security measures, and there’s often no way to tell, especially if the library is not open-source. But that doesn’t mean you shouldn’t use third-party libraries at all.

Best Practices

  • Use popular third-party libraries that have a large supporting community. These libraries tend to make regular updates and communicate with their community. You’ll also have fellow users to ask questions or express concerns.
  • Use open-source libraries that provide access to the source code so you can identify any quality issues or security loopholes.
  • Make sure your chosen third-party libraries carry the correct licenses and specifications for whatever you intend to use the library for.
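
The license check in the last point can be automated as a first pass. The script below is an added example, not part of the original article: it reads the license metadata that installed Python packages declare and lists the ones needing manual review. The allowlist and all function names are assumptions made for illustration.

```python
import re
from importlib import metadata

# Assumed policy for this example: license families your project accepts.
ALLOWED = {"MIT", "BSD", "APACHE", "ISC"}

def declared_licenses(meta):
    """Collect every license string a package declares in its metadata."""
    found = []
    for field in ("License-Expression", "License"):
        value = meta.get(field)
        if value and value.strip().upper() != "UNKNOWN":
            found.append(value.strip())
    for classifier in meta.get_all("Classifier") or []:
        if classifier.startswith("License ::"):
            found.append(classifier.split("::")[-1].strip())
    return found

def needs_review(licenses, allowed=ALLOWED):
    """Return a reason string if the package needs manual review, else None."""
    if not licenses:
        return "no license declared"
    for text in licenses:
        # Compare whole tokens so "limited" is not mistaken for "MIT".
        tokens = set(re.split(r"[^A-Z0-9]+", text.upper()))
        if not tokens & allowed:
            return "not on allowlist: " + text[:60]
    return None

def audit(packages, allowed=ALLOWED):
    """packages: iterable of (name, [license strings]); returns sorted findings."""
    findings = []
    for name, licenses in packages:
        reason = needs_review(licenses, allowed)
        if reason:
            findings.append((name, reason))
    return sorted(findings)

def installed():
    """Yield (name, licenses) for every distribution in this environment."""
    for dist in metadata.distributions():
        name = dist.metadata.get("Name") or "(unnamed)"
        yield name, declared_licenses(dist.metadata)

if __name__ == "__main__":
    for name, reason in audit(installed()):
        print(f"{name}: {reason}")
```

Declared metadata can be missing or wrong, so treat the output as a list of packages to read the actual license text for, not as a legal determination.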