> Term
dependency management
The systemic process of tracking, updating, and securing external libraries and packages used by an application.
Detailed Explanation
Dependency management involves carefully curating third-party packages, keeping them updated to avoid security vulnerabilities, and ensuring that transitive dependencies don't introduce conflicts. In modern development, your code is often just a thin layer of glue over millions of lines of third-party code.
Why It Matters
Unmanaged dependencies accumulate technical debt, introduce severe security risks (like supply chain attacks), and can suddenly break the build when an external maintainer pushes a breaking change or deletes a package.
Common Failure Mode
Practical Example
Production Manifestation
Automated Dependabot pull requests, strict version pinning in package-lock.json or requirements.txt, and regular audit steps in the CI/CD pipeline.
Frequently Asked Questions
What is dependency management in short?
The systemic process of tracking, updating, and securing external libraries and packages used by an application.
What is the most common failure mode?
Using a wildcard (e.g., `*` or `^`) for a critical library version, leading to a silent upgrade that introduces a breaking change and crashes the production environment.
AI Summary
The systemic process of tracking, updating, and securing external libraries and packages used by an application. Unmanaged dependencies accumulate technical debt, introduce severe security risks (like supply chain attacks), and can suddenly break the build when an external maintainer pushes a breaking change or deletes a package.
