# Avoid Vendoring Dependencies

Vendoring smart contracts or libraries—copying them directly into your project—can lead to significant risks, including:

1. **Security Risks:** Vendored code doesn't automatically benefit from updates or security patches, leaving your project vulnerable.
2. **Auditing Challenges:** Embedded dependencies are harder to track and audit, reducing transparency.
3. **Upgradability Issues:** Vendoring locks you into outdated versions, making it difficult to adopt new features or fixes.
4. **Increased Complexity:** Managing multiple vendored libraries adds unnecessary project overhead.

***

## Best Practice: Use Package Managers

Leverage tools like **npm**, **yarn**, **Forge**, or **Hardhat** to manage dependencies efficiently. These tools ensure easy updates, version control, and compatibility, keeping your code secure and maintainable.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.optimumsec.xyz/coding/avoid-vendoring.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.