Third Party Dependencies
This page was last reviewed on September 19th, 2024. It needs to be reviewed again on June 19th, 2025.
Guidelines for choosing a third party package can be found in the general third party dependencies documentation page.
How can you secure front-end third-party integrations?
- Use modern browser features such as HTTPS, Content Security Policy (CSP), Subresource Integrity (SRI).
- use HTTPS (Hypertext Transfer Protocol Secure) for all your web traffic, including the requests and responses from third-party services. HTTPS encrypts the data in transit, preventing eavesdropping, tampering, or spoofing.
- CSP (Content Security Policy), a browser security feature that allows you to specify what is allowed on your website, such as scripts, styles, images and fonts. CSP can help prevent cross-site scripting (XSS) attacks, which can inject malicious code into your web pages through third-party integrations.
- Subresource Integrity (SRI), a browser security feature that enables browsers to verify that the resources they fetch (for example, from a CDN) are delivered without unexpected manipulation.
- Monitor and audit your integrations.
- Monitoring means keeping track of the performance, availability and errors of your integrations, using tools like logs, alerts, dashboards and reports. For example, Azure Monitor.
- Auditing means reviewing the security and compliance of your integrations, using tools like scanners, analyzers and testers. For example, GitHub Dependabot, NPM audit and Snyk.
- Update and review your integrations (ideally annually).
- Updating means applying the latest patches and fixes.
- Reviewing means evaluating the quality, reliability and necessity.
Recommended third-party packages
Maintaining a list of third-party frontend packages is too complex, therefore, we have reduced our recommendations to project build tools previously used by Gemeente Amsterdam projects.
- Vite - Next Generation Frontend Tooling
- Vite community templates - Vite based project templates
- esbuild - Next Generation Frontend Tooling
You may also be interested in Languages and Frameworks (frontend).