> ## Documentation Index
> Fetch the complete documentation index at: https://engineering.trewknowledge.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Third Party Scripts

## Overview

This section outlines the best practices for using third-party scripts in our codebase. These guidelines are designed to ensure that our projects maintain high levels of security, performance, and maintainability. Third-party scripts can be useful but must be handled with caution to prevent security risks and reliability issues.

## Preferred Methods of Inclusion

Always prioritize importing third-party libraries using tools like `npm` instead of directly linking to a CDN. This ensures better version control, security, and integration within the project's build process.

## Version Control

### Specify Version Numbers

Always use explicit version numbers when installing dependencies. **Do not use `@latest`**, which can introduce breaking changes or malicious code without warning.

### Version Locking

Ensure the package-lock.json files are committed to the repository to lock versions and maintain consistency across environments.

## Security Best Practices

### Regular Audits

Ensure dependabot is enabled on the repository to receive automated security updates and alerts for outdated dependencies. Regularly audit dependencies for vulnerabilities and update them as needed. If a third-party script is no longer maintained or poses a security risk, consider removing it from the project.

### Dependency Assessment

Before adding a new dependency, evaluate:

1. Is the source reputable and well-maintained?
2. Does the project have a healthy update cycle and active contributors?
3. Are there any reported vulnerabilities or major issues?

## Dependency Management

Use **Dependabot** or similar tools to automate the process of checking for outdated dependencies and applying security patches. Configure it to only update `dependencies` (not `devDependencies`) unless development tools are also critical.
