Third-Party Packages

Rationale

Careful management of third-party packages improves security, stability, and maintainability. It reduces risk from abandoned or vulnerable dependencies.

Evaluation

  • Assess packages for quality, maintenance, and security before use.
  • Prefer well-documented and widely adopted libraries.
  • Check for recent updates, open issues, and community adoption.
  • Review package dependencies and potential security risks.
  • Prefer official or recommended packages when possible.

Approval

  • Follow team or project guidelines for approving new dependencies.
  • Document reasons for adding new packages.
  • Get team/lead approval for major or critical packages.
  • Document new dependencies in README or docs/dependencies.md.

Maintenance

  • Regularly update packages to patch vulnerabilities and bugs.
  • Remove unused or deprecated packages to reduce security risk and maintenance overhead.
  • Monitor for breaking changes in major updates.
  • Use automated tools (npm audit, dependabot) to monitor for vulnerabilities.
  • Test the application after package updates to catch breaking changes.
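The automated-monitoring point above is usually enforced as a CI gate on the output of npm audit. The following is an added example, not part of this guideline: it parses a report shaped like the JSON that `npm audit --json` prints on npm 7 and later (top-level "vulnerabilities" keyed by package name, each with a "severity", an "isDirect" flag, a "via" list mixing advisory objects and package-name strings, and a "fixAvailable" value that is either a boolean or an object). That report shape is an assumption about the npm version in use; the sample report, package names and advisory URLs embedded below are constructed for illustration only.

```javascript
// Severity ordering used by npm audit; anything unknown ranks below "info".
const SEVERITY_RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };

// Constructed sample report (not a real audit), shaped like `npm audit --json` on npm 7+.
const SAMPLE_REPORT = {
  auditReportVersion: 2,
  vulnerabilities: {
    'example-left-pad': {
      name: 'example-left-pad',
      severity: 'low',
      isDirect: true,
      via: [{ title: 'Placeholder low-severity issue', url: 'https://example.invalid/advisory/1' }],
      range: '<1.0.1',
      fixAvailable: true,
    },
    'example-parser': {
      name: 'example-parser',
      severity: 'high',
      isDirect: false,
      via: [{ title: 'Placeholder high-severity issue', url: 'https://example.invalid/advisory/2' }],
      range: '<2.3.0',
      fixAvailable: { name: 'example-parser', version: '2.3.0', isSemVerMajor: false },
    },
    'example-transitive': {
      name: 'example-transitive',
      severity: 'moderate',
      isDirect: false,
      via: ['example-parser'], // vulnerable only through another package, so no advisory object here
      range: '*',
      fixAvailable: true,
    },
  },
  metadata: { vulnerabilities: { info: 0, low: 1, moderate: 1, high: 1, critical: 0, total: 3 } },
};

// Return the findings whose severity is at or above `threshold`, most severe first.
function findingsAtOrAbove(report, threshold) {
  const min = SEVERITY_RANK[threshold];
  if (min === undefined) throw new Error(`unknown severity: ${threshold}`);
  const vulns = report.vulnerabilities || {};
  return Object.values(vulns)
    .filter((v) => (SEVERITY_RANK[v.severity] ?? -1) >= min)
    .map((v) => ({
      name: v.name,
      severity: v.severity,
      direct: Boolean(v.isDirect),
      // `via` mixes advisory objects and package-name strings; keep only advisory titles.
      advisories: (v.via || []).filter((x) => typeof x === 'object').map((x) => x.title),
      fixAvailable: Boolean(v.fixAvailable),
      // A fix that is a semver-major bump deserves a closer look: it may be a breaking change.
      fixIsMajor: typeof v.fixAvailable === 'object' && Boolean(v.fixAvailable.isSemVerMajor),
    }))
    .sort((a, b) => SEVERITY_RANK[b.severity] - SEVERITY_RANK[a.severity]);
}

// CI gate: exit code 0 when nothing reaches the threshold, 1 otherwise, plus a readable summary.
function auditGate(report, threshold = 'high') {
  const hits = findingsAtOrAbove(report, threshold);
  const lines = hits.map(
    (h) =>
      `${h.severity.toUpperCase().padEnd(8)} ${h.name} (${h.direct ? 'direct' : 'transitive'})` +
      (h.fixAvailable ? (h.fixIsMajor ? ' fix: major upgrade' : ' fix available') : ' no fix') +
      (h.advisories.length ? `: ${h.advisories.join('; ')}` : ''),
  );
  return { exitCode: hits.length ? 1 : 0, summary: lines.join('\n') };
}

// Run against the constructed sample; with a real report, `report` would be
// JSON.parse of the text produced by `npm audit --json`.
const result = auditGate(SAMPLE_REPORT, 'high');
console.log(result.summary || 'no findings at or above threshold');
console.log(`exit code: ${result.exitCode}`);
```

In a pipeline the script would read the saved `npm audit --json` output, call auditGate with the team's agreed threshold, and end the job with the returned exit code. Ranking by severity and flagging semver-major fixes ties the gate to the two other maintenance points above: it tells the reviewer which updates are urgent and which ones need a breaking-change check before they are merged.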