#####   ######  #####    ###    #   #  ###  #   #  ######
##  ##  ##      ##  ##  ## ##   #   #   #   #   #  ##
#####   ####    #####   #   #   #   #   #   #   #  ####
##  #   ##      ##      ## ##    # #    #    # #   ##
##   #  ######  ##       ###      #    ###    #    ######

$ curl repovive.com/roadmaps/frontend-system-design-interview-prep/security/third-party-dependencies

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░████████████████████████████████████████████████████████████████████████████████████████████████████

#####   ######  #####    ###    #   #  ###  #   #  ######
##  ##  ##      ##  ##  ## ##   #   #   #   #   #  ##
#####   ####    #####   #   #   #   #   #   #   #  ####
##  #   ##      ##      ## ##    # #    #    # #   ##
##   #  ######  ##       ###      #    ###    #    ######

$ curl repovive.com/roadmaps/frontend-system-design-interview-prep/security/third-party-dependencies

Repovive

Third-Party Dependencies - Security | Frontend System Design Interview Prep | Repovive

Repovive.

Frontend System Design Interview Prep17 sections · 206 units12h total

Open in Course

Third-Party Dependencies

Supply chain security

Dependencies introduce security risks. A compromised package affects all users.

Risks:

Malicious code in packages
Vulnerabilities in dependencies
Typosquatting (malicious package with similar name)

Mitigations:

Use lock files (package-lock.json)
Audit dependencies: npm audit, Snyk
Minimize dependencies
Review before adding
Use Subresource Integrity for CDN scripts

SRI example:

<script src="cdn.js" integrity="sha384-abc..."></script>