3.16 Use dependencies appropriately and ensure maintenance
Use libraries and frameworks only where necessary, when vanilla code or smaller packages are inappropriate for the use case, and keep them up to date.
Criteria
- Dependency management: Machine-testable
Prevent developers from downloading and installing libraries and frameworks to run client-side when they are not needed by checking for unused dependencies. Follow up by uninstalling those that are not needed.
- Categorize Your Dependencies
- e18e
- Essential Guide to JavaScript Dependencies & Security
- GPF – General Policy Framework (PDF) – 2.9 – Specifications (Off-The-Shelf Components)
- GPF – General Policy Framework (PDF) – 2.10 – Specifications (Third-Party Services)
- GPF – General Policy Framework (PDF) – 3.1 – Architecture (Impact Reduction)
- GR491 – 2-7025 – Reducing Dependencies
- GR491 – 3-5020 – Unused Dependencies
- JavaScript Dependency Management with npm and Yarn
- Uninstalling packages and dependencies
- United Nations SDGS – Goal 12 – Consumption & Production
- Dependency necessity: Machine-testable
Limit your use of libraries and frameworks to the genuinely necessary as this will reduce the amount of code that has to be downloaded and parsed by the browser. Consider whether you can use vanilla code instead. Check the package size and whether individual modules can be installed and imported individually, as opposed to the entire library.
- Bundlephobia
- Equations relating total annual energy consumption and chips energy efficiency
- GPF – General Policy Framework (PDF) – 2.9 – Specifications (Off-The-Shelf Components)
- GPF – General Policy Framework (PDF) – 2.10 – Specifications (Third-Party Services)
- GPF – General Policy Framework (PDF) – 3.1 – Architecture (Impact Reduction)
- GR491 – 2-7025 – Reducing Dependencies
- Green and Sustainable JavaScript (PDF)
- How to Check if You Have Unused Dependencies in Your JavaScript App
- If Not React, Then What?
- Pkg-Size
- Should Developers Use Third-Party Libraries?
- Understanding and Mitigating Webpage Data Bloat: Causes and Preventive Measures (PDF)
- United Nations SDGS – Goal 12 – Consumption & Production
- Dependency updates: Machine-testable
Regularly check dependencies and keep them up to date.
- Five Key Application Security Best Practices and Benefits for Maintaining Up-to-Date Dependencies
- GPF – General Policy Framework (PDF) – 2.9 – Specifications (Off-The-Shelf Components)
- GPF – General Policy Framework (PDF) – 2.10 – Specifications (Third-Party Services)
- GPF – General Policy Framework (PDF) – 3.1 – Architecture (Impact Reduction)
- How Do You Keep Your JavaScript Dependencies Up-to-date?
- How to Keep Your App Dependencies Up-To-Date?
- Keeping dependencies up-to-date
- United Nations SDGS – Goal 12 – Consumption & Production
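One way to automate the "Dependency management" check above, as an added example that is not part of the original guideline: it compares the `dependencies` declared in a `package.json` against the packages the source files actually import. The function names and the sample manifest and sources are assumptions constructed for illustration; the regex scan is a heuristic and does not see packages referenced only from build configuration or npm scripts.

```javascript
// Added example: flag declared dependencies that no source file imports.

// Reduce an import specifier to its package name, or null for relative,
// absolute and "node:" built-in specifiers.
function packageNameOf(specifier) {
  if (/^(\.|\/|node:)/.test(specifier)) return null;
  const parts = specifier.split("/");
  // Scoped packages keep two segments: "@scope/name/sub" -> "@scope/name".
  return specifier.startsWith("@") ? parts.slice(0, 2).join("/") : parts[0];
}

// Collect package names referenced by static import/export ... from,
// side-effect imports, dynamic import("x") and require("x").
function importedPackages(source) {
  const patterns = [
    /\b(?:import|export)\s[^'"`;]*?\bfrom\s*['"]([^'"]+)['"]/g,
    /\bimport\s*['"]([^'"]+)['"]/g,
    /\b(?:import|require)\s*\(\s*['"]([^'"]+)['"]\s*\)/g,
  ];
  const found = new Set();
  for (const re of patterns) {
    for (const match of source.matchAll(re)) {
      const name = packageNameOf(match[1]);
      if (name) found.add(name);
    }
  }
  return found;
}

// Return runtime dependencies from the manifest that no source file uses.
function findUnusedDependencies(manifest, sources) {
  const used = new Set();
  for (const text of Object.values(sources)) {
    for (const name of importedPackages(text)) used.add(name);
  }
  return Object.keys(manifest.dependencies || {}).filter((d) => !used.has(d)).sort();
}

// Constructed sample input (package versions are placeholders).
const sampleManifest = {
  dependencies: { "lodash-es": "^1.0.0", "@scope/ui": "^1.0.0", moment: "^1.0.0", "left-pad": "^1.0.0" },
};
const sampleSources = {
  "src/app.js": 'import { debounce } from "lodash-es";\nimport "./styles.css";\nconst ui = await import("@scope/ui/button");',
  "src/util.js": "const path = require('node:path');\nconst fmt = require('./fmt');",
};
console.log(findUnusedDependencies(sampleManifest, sampleSources)); // [ 'left-pad', 'moment' ]
```

Every package the check reports is a candidate for uninstalling, which also removes it and its transitive dependencies from the set of third-party code that has to be tracked for updates.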
Benefits
- Environment
Removing code packages developers or users do not need reduces wasted energy during rendering.
- Performance
Reducing client-side JavaScript reduces rendering time and ensures a faster, smoother user experience.
- Security
Keeping packages up-to-date and using fewer third-party libraries reduces the likelihood of security vulnerabilities.
GRI
- Materials: Low
- Energy: Low
- Water: Low
- Emissions: Low