What Is a Dependency?

A dependency is external code required for a program to function correctly.

If your code would break or fail to compile without it, it's a dependency. This includes:

• Libraries and frameworks
• Modules and packages

Dependencies can be required at different stages: runtime, build time, or development time.

Why Dependencies Matter

Dependencies aren't passive building blocks, they actively shape your system over time. Here's why managing them isn't busywork, it's risk management:

1. Security: Dependencies regularly receive vulnerability patches. Staying current reduces exposure to known exploits.
2. Bug fixes: Many issues in your codebase may already be fixed upstream.
3. Performance: Libraries evolve. Optimisations and faster implementations translate directly into system-wide gains.
4. Compatibility: Updated dependencies prevent conflicts with newer tools, runtimes, or frameworks.
5. New features: Dependency updates often unlock capabilities you'd otherwise build yourself.
6. Maintenance: Actively maintained dependencies reduce the risk of being stuck on unsupported versions.
7. Avoiding technical debt: Regular updates make future upgrades incremental instead of painful rewrites.

Ignoring dependencies doesn't freeze time, it defers the cost.

Types of Dependencies (And Why They Should Be Explicit)

Not all dependencies serve the same purpose. Treating them as a single undifferentiated list makes systems harder to understand, install, and maintain.

A well-structured project clearly separates dependencies by role.

Core Dependencies

Core dependencies are mandatory. Without them:

• the application cannot start,
• core functionality breaks,
• deployment is impossible.

These dependencies must be present in every environment.

Examples:

• FastAPI
• pandas

They define what the system is.

Feature-Specific (Optional) Dependencies

Not every user needs every feature.

Feature-specific dependencies allow a project to expose optional functionality without forcing everyone to install everything.

This approach:

• reduces installation size,
• minimizes dependency conflicts,
• improves modularity,
• and gives users more control.

A well-known example is Cargo features in Rust, which allow dependencies to be conditionally enabled based on selected features:

[dependencies]
serde = { version = "1.0", optional = true }
tokio = { version = "1.0", optional = true }

[features]
default = []
serialization = ["serde"]
async = ["tokio"]

Users can then install only what they need:

cargo install my-tool --features serialization

Optional dependencies turn a monolith into a flexible toolkit.

Build Dependencies

Build dependencies are required only during compilation or packaging.

They are responsible for:

• transforming source code into binaries,
• generating artifacts,
• resolving version metadata,
• and preparing deployable outputs.

In Python's pyproject.toml:

[build-system]
requires = ["setuptools>=61.0", "wheel"]
build-backend = "setuptools.build_meta"

They do not ship with the final application.

Examples:

• setuptools

Keeping build dependencies isolated improves reproducibility and reduces runtime attack surface.

Development Dependencies

Development dependencies support humans, not production systems.

They are tools that make code:

• cleaner,
• more consistent,
• easier to reason about.

In pyproject.toml:

[project.optional-dependencies]
dev = [
    "ruff>=0.1.0",
    "pre-commit>=3.0",
    "mypy>=1.0",
]

These dependencies should never be required in production.

Common categories include:

• formatters,
• linters,
• static analyzers,
• debugging tools.

Examples:

• pre-commit
• ruff

A strong development toolchain improves developer productivity and reduces the number of bugs that make it into production.

Test Dependencies

Test dependencies exist solely to validate correctness.

They enable:

• unit tests,
• integration tests,
• mocking,
• assertions,
• coverage reporting.

In pyproject.toml:

[project.optional-dependencies]
test = [
    "pytest>=7.0",
    "pytest-cov>=4.0",
    "pytest-mock>=3.0",
]

They are essential for confidence, but irrelevant at runtime.

Example:

• pytest

Well-defined test dependencies make it easier to maintain high quality without bloating production environments.

Documentation Dependencies

Documentation dependencies power everything related to writing, building, and publishing docs.

They convert source files into:

• readable websites,
• API references,
• developer guides.

In pyproject.toml:

[project.optional-dependencies]
docs = [
    "mkdocs>=1.5",
    "mkdocs-material>=9.0",
    "mkdocstrings[python]>=0.24",
]

Example:

• mkdocs

Good documentation is part of the product, even if it never runs in production.

Final Thoughts

Dependencies are design decisions with long-term consequences.

Projects that treat dependency management as a first-class concern tend to:

• scale better,
• break less,
• and age more gracefully.

Those that don't eventually pay the priceoften all at once.

Reference

• Python Packaging User Guide
• Cargo Book: Features
• npm Documentation: Dependencies
• Semantic Versioning
• OWASP Dependency Check
• Dependabot
• Renovate Bot