Safeguard
Tag

dependencies

Safeguard articles tagged "dependencies" — guides, analysis, and best practices for software supply chain and application security.

52 articles

Guides

Dependency Management for Beginners: Keeping Your Borrowed Code Healthy

Most of your application is packages other people wrote. Dependency management is the everyday craft of choosing them well, updating them safely, and keeping them from becoming a liability. Here is a friendly guide with a first step to try today.

Jul 8, 20266 min read
Security Guides

Managing Transitive Dependencies: The Vulnerabilities You Didn't Choose

Most dependency risk lives in packages you never installed directly. Here is how transitive dependencies work across ecosystems and how to audit and control them.

Jul 8, 20265 min read
Security Guides

PyYAML Security Guide (2026)

PyYAML is the default YAML parser for Python — and its history of arbitrary-code-execution CVEs from unsafe loading makes yaml.load() one of the most dangerous calls in the language.

Jul 8, 20265 min read
Security Guides

Axios Security Guide (2026)

Axios is the most popular HTTP client in the JavaScript ecosystem — and its SSRF and credential-leak CVEs make its version and configuration security-relevant. Here is how to run it safely.

Jul 7, 20266 min read
Security Guides

Auditing Yarn Dependencies: A Guide to yarn audit and yarn npm audit

Yarn Classic and Yarn Berry audit dependencies differently. Learn the right commands for each, how to enforce overrides via resolutions, and where to go further.

Jul 7, 20265 min read
Security Guides

Auditing RubyGems Dependencies with bundler-audit

bundler-audit checks your Gemfile.lock against the ruby-advisory-db and flags insecure gem sources. Here is how to run it in Ruby and Rails projects — and beyond.

Jul 6, 20265 min read
Tutorials

How to Secure Your Open Source Dependencies

Most of your code is code you didn't write. This beginner guide covers the practical habits that keep your open-source dependencies safe, from lockfiles to scanning.

Jul 6, 20266 min read
Security Guides

Spring Framework Security Guide (2026)

Spring Framework is the backbone of enterprise Java — and the source of Spring4Shell plus a steady stream of path-traversal and SSRF CVEs. Here is how to run it safely in 2026.

Jul 6, 20266 min read
Concepts

Understanding Open Source Security Risk

Open source powers nearly every modern application, but the code you inherit brings risks you did not write. This guide explains where open source risk comes from, how it reaches your product, and how to manage it without abandoning the ecosystem.

Jul 6, 20266 min read
Security Guides

Auditing PHP Dependencies with composer audit

Composer ships a native security auditor. Learn to run composer audit against your composer.lock, catch abandoned packages, and extend it with continuous SCA.

Jul 5, 20265 min read
Security Guides

Log4j Security Guide (2026)

Log4j is the most widely deployed Java logging library — and the source of Log4Shell, the defining supply-chain vulnerability of the decade. Here is how to run it safely in 2026.

Jul 5, 20266 min read
Tutorials

How to Update Dependencies Safely

Updating a library can fix a vulnerability or break your app. This beginner guide shows you how to update dependencies safely, one careful step at a time.

Jul 4, 20266 min read
dependencies — Safeguard Blog