dexter/BTerminal
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
BTerminal/.claude/rules/09-dependency-discipline.md
Hibryda b659a6a6bd chore: add 17 operational rules and rule index 
- Create .claude/rules/ with all 17 standard rule files (01-security through 17-document-imports)
- Add Operational Rules section with Rule Index to .claude/CLAUDE.md
2026-03-05 23:14:34 +01:00

855 B
Raw Blame History

Dependency Discipline

Add dependencies only with explicit user consent.

Before Proposing a New Dependency

State: what it does, why it's needed, what alternatives exist (including stdlib), and its maintenance status.

Rules

  • Prefer stdlib and existing project dependencies over new ones.
  • When a dependency is approved, document why in the commit message.
  • Pin versions explicitly. Avoid floating ranges (^, ~, *) in production dependencies.
  • Commit lock files (package-lock.json, poetry.lock, Cargo.lock, go.sum). They enforce reproducible installs and pin transitive dependencies.
  • Audit transitive dependencies, not just direct ones — they are the primary supply chain attack vector.
  • Run vulnerability scanning in CI on every PR, not just periodically.
  • Regularly check for outdated or deprecated dependencies and flag them.