Learning Center

What are transitive dependencies?

Transitive dependencies are indirect dependencies that a software project inherits from its direct dependencies. In other words, when a package (A) depends on another package (B), and package B, in turn, depends on package C, package C is a transitive dependency of package A.

For example:

• Your project depends on Library A (direct dependency)
• Library A depends on Library B (transitive dependency)
• Library B depends on Library C (another transitive dependency)

While you may explicitly include on Library A in your project, you are also pulling in Library B and Library C, often without director control or visibility over them.

Transitive dependencies are an unavoidable part of modern software development, and they introduce hidden security risks. Organizations need to actively map, monitor, and manage these dependencies to reduce vulnerabilities and enhance software security.

‍