Category: backend rule | Priority: P1 | Scope: universal | Stack: node
Tags: dependencies, security, maintenance
Vet npm packages before adopting them
Check tests/CI, license, issues, maintainers, usage, docs, and code before adding a dependency.
Created: Feb 10, 2026
Bad example
Old code (json)

// package.json
{
  "dependencies": {
    "some-random-package": "latest"
  }
}
Explanation (EN)
Adding packages blindly increases the chance of pulling in unmaintained, insecure, or incompatible code.
Explanation (HR)
Adding packages at random increases the chance that you pull in unmaintained, insecure, or incompatible code.
Good example
New code (ts)

// scripts/dependency-checklist.ts
// Lightweight checklist you can keep in-repo for reviews.
export const dependencyChecklist = {
  testsAndCI: "CI badge + recent passing builds",
  license: "License file + compatible license",
  issuesAndPRs: "Active discussion + reasonable response times",
  maintainers: "More than 1 active maintainer",
  usage: "Meaningful adoption (downloads/stars are not the only signal)",
  docs: "Clear README + examples",
  codeReview: "Skim critical paths + dependency tree"
};
Explanation (EN)
A repeatable checklist makes dependency decisions consistent and reduces long-term operational and security risk.
Explanation (HR)
A repeatable checklist standardizes dependency decisions and reduces long-term operational and security risk.
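Several checklist items can be evaluated automatically from the npm registry document for a package (GET https://registry.npmjs.org/<name>). The script below is an added example, not code from the rules library; it assumes the registry JSON shape (dist-tags, time, license, repository, maintainers, readme), an organisation license allowlist, and a constructed sample document for a hypothetical package.

```typescript
// scripts/vet-package.ts (added example, not part of the rules library)
// Scores an npm registry document against the checklist:
// license, maintainers, maintenance, source availability, docs.

export interface RegistryDoc {
  name: string;
  "dist-tags": { latest: string };
  time: Record<string, string>;        // version -> ISO publish timestamp
  license?: string;
  repository?: { url: string };
  maintainers?: { name: string }[];
  readme?: string;
}

export interface Finding { check: string; ok: boolean; detail: string }

// Assumed allowlist; adjust to your organisation's license policy.
const ALLOWED_LICENSES = new Set(["MIT", "ISC", "Apache-2.0", "BSD-2-Clause", "BSD-3-Clause"]);

// "latest" or "^1.0.0" floats; only an exact semver string guarantees that
// the version you reviewed is the version that gets installed.
export function isPinnedVersion(spec: string): boolean {
  return /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/.test(spec);
}

export function vetPackage(doc: RegistryDoc, now: Date = new Date()): Finding[] {
  const latest = doc["dist-tags"].latest;
  const ageDays = Math.round((now.getTime() - new Date(doc.time[latest]).getTime()) / 86400000);
  const maintainers = doc.maintainers?.length ?? 0;
  const readmeLen = doc.readme?.length ?? 0;
  return [
    { check: "license", ok: ALLOWED_LICENSES.has(doc.license ?? ""), detail: doc.license ?? "no license field" },
    { check: "maintainers", ok: maintainers > 1, detail: `${maintainers} listed (bus factor)` },
    { check: "maintenance", ok: ageDays <= 365, detail: `latest ${latest} published ${ageDays} days ago` },
    { check: "source", ok: Boolean(doc.repository?.url), detail: doc.repository?.url ?? "no repository link: CI and code cannot be reviewed" },
    { check: "docs", ok: readmeLen > 200, detail: `README is ${readmeLen} characters` },
  ];
}

export function isAcceptable(findings: Finding[]): boolean {
  return findings.every((f) => f.ok);
}

// Constructed registry document for a hypothetical package that fails every check.
export const staleDoc: RegistryDoc = {
  name: "some-random-package",
  "dist-tags": { latest: "0.1.0" },
  time: { "0.1.0": "2021-06-01T00:00:00Z" },
  maintainers: [{ name: "solo-dev" }],
  readme: "TODO",
};
```

Automated checks only cover the mechanical items; issue responsiveness and the code review itself still need a human reviewer.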