Avoid Vendoring Dependencies

Vendoring smart contracts or libraries—copying them directly into your project—can lead to significant risks, including:

Security Risks: Vendored code doesn't automatically benefit from updates or security patches, leaving your project vulnerable.
Auditing Challenges: Embedded dependencies are harder to track and audit, reducing transparency.
Upgradability Issues: Vendoring locks you into outdated versions, making it difficult to adopt new features or fixes.
Increased Complexity: Managing multiple vendored libraries adds unnecessary project overhead.

Best Practice: Use Package Managers

Leverage tools like npm, yarn, Forge, or Hardhat to manage dependencies efficiently. These tools ensure easy updates, version control, and compatibility, keeping your code secure and maintainable.

PreviousPrefer Unstructured Storage for Upgradeable Contracts NextUse a Plugin for Safe Upgrades

Last updated 3 days ago