Frontend
a11y-0.0.1
a11y-0.0.11.0.0
a11y-0.0.1
a11y-0.0.11.0.0
  • Introduction
  • Project Guidelines
    • INTRODUCTION
    • PROJECT SETUP
      • Project starter
      • Static type checking
      • Code Quality Tools
      • Enforcing good practices
      • Testing
      • Code versioning flow
      • Continuous Integration & Delivery
      • Isolated component development
    • EFFECTIVE AND CONSISTENT WORKFLOW
      • Code structure, architecture
      • Code versioning and review flow
      • Testing
      • Static type checking
      • Continuous Integration & Delivery
      • Dependency checking
      • Project Management Tools
      • Communication
    • THE QUALITY OUTPUT
      • Great UX/UI
        • User Experience
        • Responsive Web Design
        • SEO, SMO
        • Progressive Web Apps
      • Stability
        • Documentation
        • Analytics & Error Tracking
        • Quality Assurance
      • Performance
        • Bunde Size
        • Deployment
        • Audits & Reports
      • Security
      • Accessibility
        • Why a11y?
        • Fundamentals
        • User stories
        • A11y tools
        • Checklist
    • FINAL WORDS
Powered by GitBook
On this page
  • Security
  • Keep your dependencies up to date

Was this helpful?

  1. Project Guidelines
  2. EFFECTIVE AND CONSISTENT WORKFLOW

Dependency checking

PreviousContinuous Integration & DeliveryNextProject Management Tools

Last updated 5 years ago

Was this helpful?

We live in a world of components and dependencies. There are numerous libraries available to perform almost any task. Sometimes, it makes sense to use battle-tested libraries written by large companies. Other times, you should go with your own solution.

No matter what, your project will end up with a dependency tree. It’s good practice to know what you are installing. You should avoid vulnerable packages, or legacy ones without any activity.

Security

Some of the packages could be vulnerable. Check if they’re ok. A pretty good hint is a small number of downloads or poor GitHub activity. Be cautious.

GitHub does a great job with Security Alerts. But there are also other leading companies doing it even better. Consider using for your projects!

Security is mainly needed for , not the development. But you should think about security concerns at all times.

Keep your dependencies up to date

Dependencies become out of date pretty much every day. This can be caused by a security update, new features or just a performance update.

You shouldn’t install dependencies with poor GitHub activity. It’s a sign that the project is not maintained anymore.

For already existing dependencies, you can locally use the amazing Unfortunately, you can’t automate them. But sometimes it is handy, especially when you are taking over somebody else’s (legacy) codebase. Or you are coming back to your own pet project.

For the projects you are currently working on, you should consider setting up .It got acquired by GitHub and is now fully free of charge! It also works nicely with security updates.

snyk
the output
npm-check-updates
Dependabot