# What you'll learn

After watching this video, you will be able to: 
* Explain what a dependency is in software development.
* List the benefits of using dependencies.
* Understand the challenges and risks of using dependencies.

# What are dependencies?

* A dependency is needed when a piece of software or code relies on another to function.
* They’re commonly used to add features and functionality to software without writing it from scratch.
* Dependencies are reusable code found in a library, package, or module that your code makes calls to.
* You can use a package manager to automate the download and installation of dependencies.

# Benefits and importance

Here are some of the benefits of using dependencies in your code: 
* The software development process becomes faster and more efficient.
* You can deliver software more quickly by building on previous work.
* Dependencies enable applications to have more features and functionality.
* Functionality provided by the dependency saves you from having to write it from scratch.
* The functionality provided by the dependency could perform better than the native implementation.

# Dependency Illustration

Dependency is a software development term that describes the relationship in which one piece of software relies on another.

![image.png](attachment:4291e757-19e3-44f6-a6a6-d0dd36224478.png)

Here is a very simple illustration: 
* In this scenario, Program A needs a function that it doesn't have by default – but Program B's code can provide it.
* Program A is written to make a call to Program B for that function.
* Program B provides the requested functionality to Program A so the application can work as designed.
* Program A is considered a dependent, and Program B is the dependency.

# Dependency challenges and risks

* Downloading and using code from the Internet is risky.
* It could expose your software to vulnerabilities, bugs, or other flaws.
* Production risk could occur as a result of implementing incompatible, outdated, or missing dependencies: 
    * Production servers could be impacted, resulting in performance degradation or crashes.
    * Data could be leaked as a result of vulnerabilities, and customer data could be compromised.
    * Your company’s reputation could also be impacted, resulting in loss of business or even fines.
* Licensing challenges are another important aspect of using dependencies.
    * Be aware of any license requirements for dependencies you use.
    * Use the correct type of licensing for your project.
    * Make sure there's no unlicensed code in your application.

# Inspection and management

If you plan to use dependencies in your project, it's best practice to vet (or examine) them thoroughly before implementation.

Vet the dependency by checking the following: 
* **Design**: Check that the API is well-designed and well-documented.
* **Quality**: Check the quality of the code for undesired behavior and semantic problems.
* **Testing**: Test the basic code functionality and look for any possible failures.
* **Debugging**: Check the dependency's issue tracker for open issues and bug reports.
* **Maintenance**: 
    * Review the commit history for bug fixes and ongoing improvements.
    * Avoid using dependencies that haven't been updated for more than a year.
* **Usage**: 
    * Is the dependency widely adopted or seldom used? 
    * Seldom-used dependencies could be abandoned.
* **Security**: 
    * Software dependencies can present a large surface for attacks.
    * Look for weaknesses and vulnerabilities that allow malicious input.
* **Use dependency management tools**: Use them to manage downloads and track version updates.

# Dependency's dependencies

* A dependency that relies on another dependency isn't bad; however, it does pose some challenges.
* Code problems found within indirect dependencies may have an impact on your code, so you should inspect all indirect dependencies.
* Use a dependency manager to list any direct and indirect dependencies for inspecting all code.
* When you upgrade dependencies, be aware of any new, indirect dependencies that could also make their way into your project.
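
An added example (not from the course): one way to list direct and indirect dependencies and flag the ones that appear after an upgrade. The `BEFORE`/`AFTER` metadata and the names `webapp`, `example-signals` and `example-util` are constructed; on a real system `dependency_closure` defaults to reading installed package metadata through `importlib.metadata`.

```python
import re
from importlib import metadata

def normalize(name):
    """PEP 503 normalization, so 'Jinja2' and 'jinja2' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def requirement_name(req):
    """Package name from a requirement string; None if it only applies to an extra."""
    if re.search(r";.*\bextra\s*==", req):
        return None
    match = re.match(r"\s*([A-Za-z0-9][A-Za-z0-9._-]*)", req)
    return normalize(match.group(1)) if match else None

def installed_requires(name):
    """Requirement strings declared by an installed distribution."""
    try:
        return metadata.requires(name) or []
    except metadata.PackageNotFoundError:
        return []

def dependency_closure(root, requires=installed_requires):
    """Map each direct and indirect dependency of root to its depth (1 = direct)."""
    root = normalize(root)
    depths, queue = {}, [(root, 0)]
    while queue:
        pkg, depth = queue.pop(0)
        for req in requires(pkg):
            dep = requirement_name(req)
            if dep and dep != root and dep not in depths:
                depths[dep] = depth + 1
                queue.append((dep, depth + 1))
    return depths

def new_dependencies(before, after, root):
    """Dependencies reachable from root after an upgrade but not before it."""
    old = dependency_closure(root, lambda name: before.get(name, []))
    new = dependency_closure(root, lambda name: after.get(name, []))
    return sorted(dep for dep in new if dep not in old)

# Constructed sample metadata (not real release data), keyed by normalized name.
BEFORE = {
    "webapp": ["Flask>=2.0"],
    "flask": ["Werkzeug>=2.0", "Jinja2>=3.0", "itsdangerous>=2.0",
              "click>=8.0", "python-dotenv; extra == 'dotenv'"],
    "jinja2": ["MarkupSafe>=2.0"],
}
AFTER = {**BEFORE, "flask": BEFORE["flask"] + ["example-signals>=1.0"],
         "example-signals": ["example-util>=0.1"]}

if __name__ == "__main__":
    print(dependency_closure("webapp", lambda name: BEFORE.get(name, [])))
    print("new after upgrade:", new_dependencies(BEFORE, AFTER, "webapp"))
```
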

# Example: Flask dependencies

* Flask is a web framework written in Python that provides you with tools, libraries, and other features for building web applications.
* LinkedIn and Pinterest are two examples of organizations that use Flask.
* Flask has its own dependencies which include: 
    * **Werkzeug**: a web server gateway interface
    * **Jinja**: a template language for rendering web pages
    * **MarkupSafe**: a security dependency for untrusted input
    * **ItsDangerous**: a secure data integrity dependency
    * **Click**: a framework for writing command line applications

# Flask token generation syntax

You can call the dependency **ItsDangerous** to generate a token for transmitting account information between web requests.

![image.png](attachment:ef157968-ad54-489b-8ee2-020a39decd13.png)

Let’s take a look at how this is done with a code example: 
* In the first line you import the **`URLSafeSerializer`** from the **itsdangerous** package. 
* Then you instantiate a **`URLSafeSerializer`**, passing in a **`secret-key`** that you control and the word **`auth`** to signal that you want to use this token for authorization.
* Then you generate a **`token`** by calling the **`dumps()`** method, passing in the data that you want to serialize, which in this example is the dictionary **`{"id": 5, "name": "alice"}`**.
* If you were to print out this token it would just look like a string of random characters but it is, in fact, encrypted so that it can only be decrypted with the `secret-key`.
* The data can now be safely sent to another service that can decrypt it if it has the key, or perhaps, it was only meant for your eyes.
* So, when it is sent back to you later you can decrypt it knowing that it hasn't been tampered with.
* The final line of code is showing you how to decrypt the message using the **`token`** and the **`loads()`** method, which returns the original message and prints out the name from the original dictionary.

Of course, if this were really another piece of code, you would instantiate the **`URLSafeSerializer`** again with the same **`secret-key`** and use that to decrypt the token.
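
A caveat on the walkthrough above, with an added example (not the course's code, and not itsdangerous's implementation or exact token format): itsdangerous serializers sign the payload with an HMAC rather than encrypting it, so a token proves integrity but its contents can be decoded without the key. The standard-library stand-in below uses hypothetical helpers `dumps`, `loads`, `peek` and `tampered` to show verification, tamper rejection and payload readability.

```python
import base64
import hashlib
import hmac
import json

class BadSignature(Exception):
    """Raised when a token's signature does not match its payload."""

def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(secret_key, salt, payload):
    # The salt derives a per-purpose key, so a token made for "auth"
    # does not verify under a serializer created for another purpose.
    key = hmac.new(secret_key.encode(), salt.encode(), hashlib.sha256).digest()
    return _b64(hmac.new(key, payload.encode(), hashlib.sha256).digest())

def dumps(obj, secret_key, salt):
    """Serialize obj to JSON and append a signature over the encoded payload."""
    payload = _b64(json.dumps(obj, separators=(",", ":")).encode())
    return payload + "." + _sign(secret_key, salt, payload)

def loads(token, secret_key, salt):
    """Return the payload only if the signature verifies (constant-time compare)."""
    payload, sep, sig = token.rpartition(".")
    expected = _sign(secret_key, salt, payload)
    if not sep or not hmac.compare_digest(sig.encode(), expected.encode()):
        raise BadSignature("token was altered or signed with another key")
    return json.loads(_unb64(payload))

def peek(token):
    """Decode the payload with no key at all: signing is not secrecy."""
    return json.loads(_unb64(token.partition(".")[0]))

def tampered(token, obj):
    """Swap in a different payload while keeping the original signature."""
    return dumps(obj, "", "").partition(".")[0] + "." + token.rpartition(".")[2]

if __name__ == "__main__":
    token = dumps({"id": 5, "name": "alice"}, "secret-key", "auth")
    print(token)
    print(loads(token, "secret-key", "auth")["name"])  # signature verified
    print(peek(token))                                  # readable without the key
    try:
        loads(tampered(token, {"id": 1, "name": "admin"}), "secret-key", "auth")
    except BadSignature as exc:
        print("rejected:", exc)
```

Because the payload is readable by anyone who holds the token, keep secrets out of it and protect the signing key like any other credential.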

# Summary

In this video, you learned that: 
* A dependency is a piece of code that another piece of code relies on to work.
* Dependencies add features and functionality to your program without writing it from scratch.
* Dependencies can speed up the development process and save money.
* Dependencies should be carefully vetted before implementation.
* Use a dependency manager to list all direct and indirect dependencies for inspecting all code.
* A dependency may have its own dependencies.
* Flask is a Python-based web development platform providing tools, libraries, and its own dependencies.

