Creating reliable software that runs consistently is vital. Dependency issues and outages, like the infamous “left-pad” disruption, can cause significant setbacks. Read on to learn how a simple setup can drastically improve your software’s stability and resilience.

The hidden risk in your software supply chain
The costs associated with dependency outages can be substantial, leading to halted development, increased troubleshooting time, and potential revenue loss. For instance, the 2016 “left-pad” incident caused widespread disruption.
In this case, a developer unpublished “left-pad”, a mere 11-line package used for string padding, from the npm registry. This action disrupted thousands of projects, including prominent ones like Babel and React, rendering them unable to build or install properly.
Such incidents highlight the vulnerability of relying directly on public repositories.
Fast and simple solution
At ableneo we routinely establish a local proxy for dependency repositories such as Docker, GitHub, npm, Maven, and PyPI. By using the proxy, our clients mitigate risks associated with external changes or deletions.
In a local build pipeline, external sources are only contacted once when a new dependency or its version is introduced. After that, the dependencies are stored locally (via mirroring), so future builds rely on the local copies instead of fetching from external sources again.
This improves consistency and speed, and reduces the risk of external source outages affecting your builds.
Security benefit
Implementing a proxy not only protects against disruptions but also boosts security. It allows you to monitor and verify dependencies before they are integrated into your project, ensuring that only trusted and safe versions are used.
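A proxy only protects builds that actually go through it, so a CI step can check that the lockfile never points past the proxy and that every entry carries an integrity hash. The script below is an added example, not ableneo's code; the proxy host name `npm-proxy.internal.example`, the function `auditLockfile` and the sample lockfile are constructed assumptions.

```javascript
// Added example: fail a build when package-lock.json (lockfileVersion 2 or 3)
// lists a download source other than the local proxy. All values are constructed.
const ALLOWED_HOSTS = ["npm-proxy.internal.example"]; // assumption: your proxy host

function auditLockfile(lockText, allowedHosts) {
  const findings = [];
  for (const [path, entry] of Object.entries(JSON.parse(lockText).packages || {})) {
    // The root project, workspace links and bundled deps carry no download URL.
    if (path === "" || entry.link || entry.inBundle) continue;
    let url;
    try {
      url = new URL(entry.resolved);
    } catch {
      findings.push({ path, issue: "missing or unparseable source" });
      continue;
    }
    if (url.protocol !== "https:") {
      findings.push({ path, issue: "non-HTTPS source: " + url.protocol });
    } else if (!allowedHosts.includes(url.hostname)) {
      findings.push({ path, issue: "bypasses proxy: " + url.hostname });
    }
    // Without an integrity hash npm cannot verify the tarball it downloads.
    if (!entry.integrity) findings.push({ path, issue: "missing integrity hash" });
  }
  return findings;
}

// Constructed sample lockfile: one compliant entry, two that should be flagged.
const SAMPLE_LOCK = JSON.stringify({
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/left-pad": {
      resolved: "https://npm-proxy.internal.example/left-pad/-/left-pad-1.0.0.tgz",
      integrity: "sha512-CONSTRUCTED",
    },
    "node_modules/example-lib": {
      resolved: "https://registry.npmjs.org/example-lib/-/example-lib-1.0.0.tgz",
      integrity: "sha512-CONSTRUCTED",
    },
    "node_modules/internal-lib": { resolved: "git+ssh://git@git.example/internal-lib.git" },
  },
});

for (const f of auditLockfile(SAMPLE_LOCK, ALLOWED_HOSTS)) {
  console.log(f.path + ": " + f.issue);
}
```

In a pipeline, pass the real lockfile text to `auditLockfile` and exit non-zero when the returned list is not empty.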
Take control of your software supply chain today
Protect your projects from unexpected outages and safeguard against potential vulnerabilities.
Get in touch with ableneo to set up your custom proxy solution and take charge of your software’s reliability.
Building software that always works was originally published in ableneo tech & transformation on Medium.