How should a project manage dependencies to avoid dependency drift?

Enhance your coding skills with the Code Standards and Practices Level 3 Test. Access well-crafted questions, insightful explanations, and progress tracking to master this exam. Prepare effectively for your Level 3 certification with our comprehensive study materials!

Multiple Choice

How should a project manage dependencies to avoid dependency drift?

Explanation:
Keeping dependencies under control means capturing an exact, repeatable set of library versions and keeping them current in a disciplined way. Explicit version pins lock down the exact versions your project should use, so builds are reproducible across machines, environments, and CI pipelines. A lockfile records the full resolved dependency tree, ensuring everyone installs the same versions, not just the same top-level range. Regular updates paired with security and vulnerability scanning keeps you informed about fixes and potential issues, so you can plan upgrades before drift becomes a problem. This combination prevents drift by making installs deterministic and by actively managing and verifying security and compatibility over time. Automatic updates without pins introduce unpredictability; you can’t reproduce the exact dependency tree, so environments diverge. Deleting lockfiles removes the exact record of what was used, breaking reproducibility and inviting drift. Waiting to update only when major issues appear delays fixes and increases risk, allowing older, vulnerable, or incompatible versions to linger.

Keeping dependencies under control means capturing an exact, repeatable set of library versions and keeping them current in a disciplined way. Explicit version pins lock down the exact versions your project should use, so builds are reproducible across machines, environments, and CI pipelines. A lockfile records the full resolved dependency tree, ensuring everyone installs the same versions, not just the same top-level range. Regular updates paired with security and vulnerability scanning keeps you informed about fixes and potential issues, so you can plan upgrades before drift becomes a problem. This combination prevents drift by making installs deterministic and by actively managing and verifying security and compatibility over time.

Automatic updates without pins introduce unpredictability; you can’t reproduce the exact dependency tree, so environments diverge. Deleting lockfiles removes the exact record of what was used, breaking reproducibility and inviting drift. Waiting to update only when major issues appear delays fixes and increases risk, allowing older, vulnerable, or incompatible versions to linger.

More Multiple Choice Questions
Subscribe

Get the latest from Passetra

You can unsubscribe at any time. Read our privacy policy