The 0deps Movement: Local Dependencies and Security

Software developers install hundreds of external libraries in most projects. Modern frameworks rely on thousands of transitive dependencies. This means your application runs code written by hundreds of unknown people.

This ecosystem speeds up development. It also creates massive supply chain risks.

The 0deps Movement asks a simple question: What if your application only ran the code you actually control?

Every dependency adds a new attack surface. A dependency can:

  • Introduce security flaws.
  • Become a target for supply chain attacks.
  • Get abandoned by its creator.
  • Change its public API.
  • Break backward compatibility.

In the 0deps model, you move every necessary dependency directly into your project repository. You stop downloading packages dynamically at build time. Everything needed to run the app is in the repository from the moment you clone it.

This approach provides:

  • Reproducible builds.
  • Less reliance on external package registries.
  • Centralized security audits.
  • Predictable results.

The goal is not to make code static. Implementations and algorithms must evolve to fix bugs and stay secure. The goal is to keep the public contract stable.

Each library exposes a specific interface. For example:

  • authenticate()
  • createSession()
  • verifyPasskey()

These functions form a contract. The contract stays the same even if you rewrite the underlying code. You can swap libraries or change protocols without breaking the rest of your application.

When a vulnerability appears, you usually face two problems:

  1. Fixing the bug.
  2. Checking whether the update breaks your app.

In a 0deps architecture, the second problem disappears. You update the implementation behind the interface. The public API remains identical. Your application continues to work without code changes.

By isolating external code behind internal adapters, you reduce long-term risk. If a library disappears tomorrow, you only update the adapter.
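The contract described above (authenticate(), createSession(), verifyPasskey()) and the implementation swap behind it, as an added TypeScript example that is not code from the original post or from any 0deps project. The interface name AuthContract, the two adapters PlainAuth and HashedAuth, the login() flow, the satisfiesContract() contract test, the sample users and the 15-minute session lifetime are all assumptions constructed for this example; the only real library calls are Node's node:crypto functions scryptSync, timingSafeEqual and randomBytes.

```typescript
// Added example (not from the original article or any 0deps project):
// one stable internal contract, two interchangeable implementations,
// and a contract test that a replacement must pass before it is swapped in.
// All class names, the login() flow and the sample users are constructed.
import { randomBytes, scryptSync, timingSafeEqual } from "node:crypto";

export interface Session {
  id: string;
  userId: string;
  expiresAt: number; // epoch milliseconds
}

// The public contract. Application code depends on this and nothing else.
export interface AuthContract {
  authenticate(userId: string, secret: string): boolean;
  verifyPasskey(userId: string, passkey: string): boolean;
  createSession(userId: string, nowMs: number): Session;
}

export interface Credential {
  userId: string;
  secret: string;
  passkey: string;
}

export const SESSION_TTL_MS = 15 * 60 * 1000; // assumed lifetime

// Constant-time comparison; a length mismatch is rejected before comparing.
function safeEqual(a: Uint8Array, b: Uint8Array): boolean {
  return a.length === b.length && timingSafeEqual(a, b);
}

function newSession(userId: string, nowMs: number): Session {
  return { id: randomBytes(16).toString("hex"), userId, expiresAt: nowMs + SESSION_TTL_MS };
}

// Implementation 1 (hypothetical first vendored adapter): keeps the
// credentials as given and compares them in constant time.
export class PlainAuth implements AuthContract {
  private readonly users = new Map<string, Credential>();
  constructor(creds: Credential[]) {
    for (const c of creds) this.users.set(c.userId, c);
  }
  private check(userId: string, field: "secret" | "passkey", value: string): boolean {
    const u = this.users.get(userId);
    return u !== undefined && safeEqual(Buffer.from(u[field]), Buffer.from(value));
  }
  authenticate(userId: string, secret: string) { return this.check(userId, "secret", secret); }
  verifyPasskey(userId: string, passkey: string) { return this.check(userId, "passkey", passkey); }
  createSession(userId: string, nowMs: number) { return newSession(userId, nowMs); }
}

// Implementation 2 (hypothetical rewrite): stores only salted scrypt digests.
// The contract is unchanged, so no caller changes when this replaces PlainAuth.
export class HashedAuth implements AuthContract {
  private readonly users = new Map<string, { salt: Buffer; secret: Buffer; passkey: Buffer }>();
  constructor(creds: Credential[]) {
    for (const c of creds) {
      const salt = randomBytes(16);
      this.users.set(c.userId, {
        salt,
        secret: scryptSync(c.secret, salt, 32),
        passkey: scryptSync(c.passkey, salt, 32),
      });
    }
  }
  private check(userId: string, field: "secret" | "passkey", value: string): boolean {
    const u = this.users.get(userId);
    return u !== undefined && safeEqual(u[field], scryptSync(value, u.salt, 32));
  }
  authenticate(userId: string, secret: string) { return this.check(userId, "secret", secret); }
  verifyPasskey(userId: string, passkey: string) { return this.check(userId, "passkey", passkey); }
  createSession(userId: string, nowMs: number) { return newSession(userId, nowMs); }
}

// Application code, written once against the contract.
export function login(auth: AuthContract, userId: string, secret: string,
                      passkey: string, nowMs: number): Session | null {
  if (!auth.authenticate(userId, secret)) return null;
  if (!auth.verifyPasskey(userId, passkey)) return null;
  return auth.createSession(userId, nowMs);
}

// Contract test: identical checks for every implementation. A swap is safe
// only when the replacement returns true here.
export function satisfiesContract(make: (creds: Credential[]) => AuthContract): boolean {
  const auth = make([{ userId: "alice", secret: "correct horse", passkey: "pk-1" }]); // constructed user
  const now = 1_700_000_000_000;
  const ok = login(auth, "alice", "correct horse", "pk-1", now);
  if (ok === null || ok.userId !== "alice" || ok.expiresAt !== now + SESSION_TTL_MS) return false;
  if (login(auth, "alice", "wrong secret", "pk-1", now) !== null) return false;  // bad secret
  if (login(auth, "alice", "correct horse", "pk-2", now) !== null) return false; // bad passkey
  if (login(auth, "bob", "correct horse", "pk-1", now) !== null) return false;   // unknown user
  // Session ids come from a CSPRNG, so two sessions never share one.
  return auth.createSession("alice", now).id !== auth.createSession("alice", now).id;
}

// Stand-alone run: both adapters honour the same contract.
console.log(satisfiesContract((c) => new PlainAuth(c)), satisfiesContract((c) => new HashedAuth(c)));
```

The contract test is what turns "the second problem disappears" into something you can check: run satisfiesContract() against the replacement adapter in CI before switching it in, and the rest of the application never needs to know which implementation is behind the interface. One caveat for the audit side of this model: code moved into the repository no longer appears in a lockfile, so vulnerability scanners that match on package manifests will not see it; record the upstream project and version next to each vendored adapter so advisories can still be matched to it.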

0deps does not fight open source. It changes how you consume it. Libraries become integrated components rather than dynamic external links.

This creates software that is predictable, resilient, and easy to maintain. Implementations evolve. The contract remains.

Source: https://dev.to/fullagenticstack/movimiento-0deps-dependencias-locales-contratos-inmutables-y-seguridad-por-diseno-1a6o