Third Party Dependencies

This page was last reviewed on September 19th, 2024. It needs to be reviewed again on June 19th, 2025.

Guidelines for choosing a third party package can be found in the general third party dependencies documentation page.

How can you secure front-end third-party integrations?

  • Use modern browser features such as HTTPS, Content Security Policy (CSP) and Subresource Integrity (SRI).
    • Use HTTPS (Hypertext Transfer Protocol Secure) for all your web traffic, including the requests and responses from third-party services. HTTPS encrypts the data in transit, preventing eavesdropping, tampering, or spoofing.
    • CSP (Content Security Policy) is a browser security feature that lets you specify which resources are allowed on your website, such as scripts, styles, images and fonts. CSP can help prevent cross-site scripting (XSS) attacks, which can inject malicious code into your web pages through third-party integrations.
    • Subresource Integrity (SRI) is a browser security feature that enables browsers to verify that the resources they fetch (for example, from a CDN) are delivered without unexpected manipulation.
  • Monitor and audit your integrations.
    • Monitoring means keeping track of the performance, availability and errors of your integrations, using tools like logs, alerts, dashboards and reports (for example, Azure Monitor).
    • Auditing means reviewing the security and compliance of your integrations, using tools like scanners, analyzers and testers (for example, GitHub Dependabot, npm audit and Snyk).
  • Update and review your integrations (ideally annually).
    • Updating means applying the latest patches and fixes.
    • Reviewing means evaluating the quality, reliability and necessity.
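
The SRI check from the list above, as an added example (not code from this documentation or from any Gemeente Amsterdam project): it generates an `integrity` value for a script and applies the matching rules browsers use, including the case where a weaker hash is listed next to a stronger one. The function names, the `cdn.example` URL and the sample script bytes are constructed for illustration.

```javascript
// Added example: SRI value generation and browser-style verification (Node.js).
const crypto = require('node:crypto');

// Hash functions SRI supports, ordered weakest to strongest.
const STRENGTH = ['sha256', 'sha384', 'sha512'];

// Build the value for an integrity="" attribute from the file's bytes.
function sriFor(bytes, algo = 'sha384') {
  if (!STRENGTH.includes(algo)) throw new Error(`unsupported algorithm: ${algo}`);
  return `${algo}-${crypto.createHash(algo).update(bytes).digest('base64')}`;
}

// Parse whitespace-separated "algo-base64[?options]" tokens.
// Tokens with an unknown algorithm or bad encoding are ignored.
function parseIntegrity(attr) {
  const re = /^(sha256|sha384|sha512)-([A-Za-z0-9+/]+={0,2})(\?.*)?$/;
  return attr.trim().split(/\s+/)
    .map((token) => re.exec(token))
    .filter(Boolean)
    .map((m) => ({ algo: m[1], digest: m[2] }));
}

// True when the fetched bytes may be used under the given integrity attribute.
function verify(bytes, attr) {
  const entries = parseIntegrity(attr);
  // No usable token means no enforcement: a typo in the attribute fails open.
  if (entries.length === 0) return true;
  // Only the strongest algorithm present is checked; weaker tokens are ignored.
  const rank = (e) => STRENGTH.indexOf(e.algo);
  const best = Math.max(...entries.map(rank));
  return entries
    .filter((e) => rank(e) === best)
    .some((e) => sriFor(bytes, e.algo) === `${e.algo}-${e.digest}`);
}

// Constructed sample: a vendored script and a modified copy of it.
const original = Buffer.from('console.log("widget v1");\n');
const tampered = Buffer.from('console.log("widget v1");/* changed */\n');

const pinned = sriFor(original);
console.log(`<script src="https://cdn.example/widget.js" integrity="${pinned}" crossorigin="anonymous"></script>`);
console.log('original accepted:', verify(original, pinned));
console.log('tampered accepted:', verify(tampered, pinned));
```

Because an attribute with no recognised token is not enforced, generating the value in the build step is safer than typing it by hand.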

Maintaining a list of third-party frontend packages is too complex. Therefore, we have reduced our recommendations to project build tools previously used by Gemeente Amsterdam projects.

You may also be interested in Languages and Frameworks (frontend).