← technical essays
[ESSAY]
How to Navigate Dependency Risk
Your supply chain is a forest — map it before you get lost.
[ essay ]
Inventory direct and transitive dependencies. Pin versions in lockfiles. Scan for CVEs in CI; triage by exploitability in your usage.
Prefer fewer, maintained libraries over many micro-deps. Evaluate bus factor and release cadence before adopting.
Vendor SDKs and SaaS APIs are dependencies too — plan for deprecation and rate limits.
Dark forest navigation is boring: lists, pins, updates, and owners.
— JV · Dark Heart Labs.