Third-Party Libraries 1

What Is This Module About?

Using third-party libraries can help us build programs faster, but relying on external code also introduces risks. Libraries may contain bugs, security flaws, or unexpected behaviors that can compromise the program if they are outdated or unmaintained.

In this module, you will learn how libraries can become a weak point in your program. You will examine how vulnerable or tampered dependencies are exploited and apply safe practices for managing third-party code.

Key ideas to keep in mind include:

  • Understand Your Dependencies: Know what libraries your project uses, where they come from, and what level of trust or maintenance they have.

  • Minimize Unnecessary Dependencies: Use only the libraries you truly need to reduce your attack surface and maintenance burden.

Included Real Exploit

This module includes a real-world exploit about Polyfill.io.

In the Polyfill.io incident, the cdn.polyfill.io domain began serving malicious JavaScript after the project's domain and GitHub account changed hands. Sites that loaded polyfill assets from that CDN unknowingly fetched and executed the injected code, which could redirect users, steal data from the browser, or perform other malicious actions.

Key takeaways from this case include:

  • Monitor Upstream Changes: Regularly review the status of third-party libraries you depend on. Sudden ownership transfers, maintainer changes, or unexpected updates can indicate potential compromise or loss of trust.

  • Update and Patch Dependencies: Keep all dependencies up to date and promptly apply security patches. Outdated or unmaintained packages increase exposure to known vulnerabilities and supply-chain risks.
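The first takeaway, knowing which third-party code a page pulls in and from where, can be turned into a simple build-time check. The script below is an added example written for this page, not code from the module or from the Polyfill.io project: it parses an HTML document, inventories every external `<script src>`, classifies each as first-party or third-party against a set of hosts you control, and flags third-party scripts loaded without a Subresource Integrity `integrity` attribute. The sample HTML, the `www.example.test` and `cdn.example.test` hosts, and the `sha384-PLACEHOLDERHASH` value are constructed for the example.

```python
"""Inventory the <script src> tags in an HTML document and flag
third-party scripts that are loaded without Subresource Integrity.
Added example; uses only the Python standard library."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page (not a real site). The integrity value is an
# obvious placeholder, not a real hash.
SAMPLE_HTML = """
<html><head>
  <script src="/static/app.js"></script>
  <script src="https://cdn.polyfill.io/v3/polyfill.min.js"></script>
  <script src="https://cdn.example.test/lib/vendor-1.2.3.min.js"
          integrity="sha384-PLACEHOLDERHASH" crossorigin="anonymous"></script>
</head><body></body></html>
"""


class ScriptCollector(HTMLParser):
    """Collects the attributes of every <script> tag that has a src."""

    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            attr_map = dict(attrs)
            if attr_map.get("src"):
                self.scripts.append(attr_map)


def inventory(html, own_hosts):
    """Return one record per external script: where it comes from,
    whether that host is first- or third-party, and whether SRI is set."""
    parser = ScriptCollector()
    parser.feed(html)
    records = []
    for attrs in parser.scripts:
        src = attrs["src"]
        host = urlparse(src).netloc  # empty for relative / same-origin URLs
        origin = "first-party" if (not host or host in own_hosts) else "third-party"
        records.append({
            "src": src,
            "host": host or "(same-origin)",
            "origin": origin,
            "has_sri": bool(attrs.get("integrity")),
        })
    return records


def risky_scripts(html, own_hosts):
    """Third-party scripts whose bytes are not pinned by an integrity hash:
    a CDN that changes hands can replace them without the page noticing."""
    return [
        rec["src"]
        for rec in inventory(html, own_hosts)
        if rec["origin"] == "third-party" and not rec["has_sri"]
    ]


if __name__ == "__main__":
    for rec in inventory(SAMPLE_HTML, {"www.example.test"}):
        print(f"{rec['origin']:<12} sri={str(rec['has_sri']):<5} {rec['src']}")
    print("Unpinned third-party scripts:", risky_scripts(SAMPLE_HTML, {"www.example.test"}))
```

Run against the sample, the polyfill script is the only one flagged: it is cross-origin and carries no `integrity` attribute, so whatever the CDN chooses to serve is what the browser executes. One caveat a practitioner should keep in mind: SRI only works for assets whose bytes never change, and a service that tailors its response to each visiting browser, as polyfill.io did, cannot be pinned with a hash at all. For such a dependency the flag should prompt self-hosting a fixed copy or dropping the dependency, not just adding an `integrity` attribute.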

Included Exercises

To help you practice what you have learned, this module includes different types of exercises. These are designed to test your understanding and give you hands-on practice.

  • Multiple Choice Questions: Short, focused questions that test your understanding of the risks of third-party libraries. They help you reinforce the key ideas from the module.