Definition
A dependency is an external piece of software — a library, a package, or a framework — that your project relies on to function. Rather than building every capability from scratch, developers use well-tested, maintained solutions for common tasks like sending emails, processing payments, or handling dates. Each of these external solutions becomes a dependency of your project. Dependencies have their own version numbers and their own release cycles, and they may in turn rely on other dependencies, creating a chain known as a dependency tree.
Why It Matters
Dependencies dramatically speed up development because your team is not reinventing solutions to problems that have already been solved. However, every dependency you add is a commitment. If a dependency stops being maintained, contains a security vulnerability, or releases a breaking update, your application is affected. Managing dependencies is an ongoing responsibility — they need regular updates, security audits, and occasional replacement. When evaluating a development proposal, it is worth asking what major dependencies a project will rely on and how actively they are maintained, because abandoned dependencies become liabilities.
Example
Your web application uses a popular dependency for generating PDF invoices. The dependency works perfectly for two years. Then a security researcher discovers a vulnerability that allows malicious data in an invoice to execute code on your server. Because the dependency is actively maintained, the maintainers release a fix within days. Your team updates the dependency version, runs the test suite to confirm nothing else broke, and deploys the patch — all before any attacker can exploit the vulnerability. If the dependency had been abandoned, your team would have needed to find and apply the fix themselves or migrate to an alternative.
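As an added illustration that is not part of the original page, the short Python script below walks a constructed dependency tree like the one in the example and flags the two liabilities named under Why It Matters: a package whose installed version is older than the version that carries a security fix, and a package that has had no release for a long time. Every package name, version, date and advisory here is hypothetical.

```python
from dataclasses import dataclass, field
from datetime import date

@dataclass
class Package:
    name: str
    version: tuple                             # (major, minor, patch)
    last_release: date                         # date of the latest upstream release
    deps: list = field(default_factory=list)   # names of packages this one pulls in

# Constructed sample registry with hypothetical package names. "app" is our project;
# "invoice-pdf" is the PDF library from the example and itself pulls in "fontkit".
REGISTRY = {
    "app":         Package("app", (1, 0, 0), date(2024, 5, 1), ["invoice-pdf", "mailer"]),
    "invoice-pdf": Package("invoice-pdf", (2, 3, 0), date(2024, 4, 20), ["fontkit"]),
    "fontkit":     Package("fontkit", (0, 9, 2), date(2021, 1, 15)),
    "mailer":      Package("mailer", (5, 1, 0), date(2024, 4, 28)),
}
# Constructed advisory: invoice-pdf versions before 2.4.1 are affected; 2.4.1 carries the fix.
ADVISORIES = {"invoice-pdf": {"fixed_in": (2, 4, 1)}}
TODAY = date(2024, 5, 2)   # constructed "current" date for the audit

def walk_tree(root, registry):
    """Yield (name, path) for every dependency reachable from root; the visited set stops cycles."""
    visited, stack = set(), [(d, [root, d]) for d in registry[root].deps]
    while stack:
        name, path = stack.pop()
        if name in visited:
            continue
        visited.add(name)
        yield name, path
        for dep in registry[name].deps:
            stack.append((dep, path + [dep]))

def audit(root, registry, advisories, today=TODAY, stale_days=365):
    """Return (kind, package, path) findings: 'vulnerable' when the installed version is older
    than the advisory's fix, 'unmaintained' when there has been no release for stale_days."""
    findings = []
    for name, path in walk_tree(root, registry):
        pkg, adv = registry[name], advisories.get(name)
        if adv and pkg.version < adv["fixed_in"]:
            findings.append(("vulnerable", name, " > ".join(path)))
        if (today - pkg.last_release).days > stale_days:
            findings.append(("unmaintained", name, " > ".join(path)))
    return findings

if __name__ == "__main__":
    for kind, name, path in audit("app", REGISTRY, ADVISORIES):
        print(f"{kind:<12} {name:<12} via {path}")
```

The path column matters in practice: a transitive dependency such as fontkit is only fixed by updating or replacing the direct dependency that pulls it in.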