GitHub Advanced Security: What Are Direct Dependencies?

Direct dependencies are packages explicitly defined in a project’s manifest or lock file. Learn the key differences between direct, transitive, and unreferenced dependencies.

Question

What are direct dependencies?

A. Dependencies that are explicitly defined in the manifest or lock file.
B. Dependencies used by packages that are dependencies of your project.
C. Dependencies that aren’t referenced in the manifest file.

Answer

A. Dependencies that are explicitly defined in the manifest or lock file.

Explanation

Direct dependencies are explicitly defined in the manifest or lock file.

Direct dependencies are the packages and libraries that are explicitly included and defined in a project’s manifest file (like package.json for Node.js projects) or a lock file that specifies the exact versions of dependencies being used (like package-lock.json or yarn.lock). These are the top-level dependencies that a project directly relies on.

When you install a direct dependency using a package manager, it may in turn have its own dependencies that are automatically installed. Those are called transitive dependencies – they are not directly referenced in your project’s manifest or lock files, but are pulled in because your direct dependencies require them.

Unreferenced dependencies are packages that may be present in your project’s file system but are not referenced or used anywhere in the manifest file. These are not true dependencies, since the project does not require them in order to function.

So in summary, direct dependencies are the key top-level building blocks you have specifically chosen to include and depend on in your project, as opposed to transitive dependencies pulled in secondarily or unreferenced packages not explicitly depended on. Carefully managing and securing your direct dependencies is critical to the overall security of your project.

GitHub Advanced Security certification exam assessment practice question and answer (Q&A) dump, including multiple choice questions (MCQ) and objective type questions, with detailed explanation and reference available free, helpful for passing the GitHub Advanced Security exam and earning the GitHub Advanced Security certification.