15. Managing Dependencies Responsibly
Dependencies can be attack vectors. Pin versions, verify hashes, and review updates.
Example: requirements.txt
requests==2.31.0 --hash=sha256:...
cryptography==42.0.5 --hash=sha256:...
Checking Dependencies
pip install --require-hashes -r requirements.txt
pip-audit
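An added example, not part of the original page: a small lint that flags requirements entries pip's hash-checking mode would refuse, so the problem surfaces in review or CI before an install runs. The names `audit_requirements`, `logical_lines`, `FAKE` and `SAMPLE` are assumptions for illustration, and the sample file and its digests are constructed.

```python
import re

HASH_RE = re.compile(r"--hash=(\w+):([0-9a-fA-F]+)")
PIN_RE = re.compile(r"^[A-Za-z0-9][\w.-]*(\[[^\]]*\])?\s*==\s*[^\s*;]+(?=\s|;|$)")
DIGEST_LEN = {"sha256": 64, "sha384": 96, "sha512": 128}  # hex chars

def logical_lines(text):
    """Yield (first_line_no, line) with backslash continuations folded."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        start = start or no
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, buf + line
        buf, start = "", None
    if buf:
        yield start, buf

def audit_requirements(text):
    """Return (line_no, package, problem) for entries that are not an exact
    '==' pin (wildcards count as unpinned) or lack a well-formed --hash."""
    findings = []
    for no, line in logical_lines(text):
        line = re.sub(r"(^|\s)#.*$", "", line).strip()
        if not line or line.startswith("-"):
            continue  # blank, comment, or option line such as --index-url
        name = re.split(r"[\s=<>!~;\[]", line, maxsplit=1)[0]
        if not PIN_RE.match(line):
            findings.append((no, name, "not pinned with =="))
        hashes = HASH_RE.findall(line)
        if not hashes:
            findings.append((no, name, "no --hash"))
        for algo, digest in hashes:
            if len(digest) != DIGEST_LEN.get(algo.lower()):
                findings.append((no, name, f"bad {algo} digest"))
    return findings

FAKE = "ab" * 32  # constructed 64-char placeholder, not a real digest
SAMPLE = f"""\
--index-url https://pypi.org/simple
requests==2.31.0 \\
    --hash=sha256:{FAKE}
cryptography>=42.0.5 --hash=sha256:{FAKE}
urllib3==2.2.1  # pinned, but no hash
idna==3.6 --hash=sha256:{FAKE[:40]}
"""
if __name__ == "__main__":
    print(*audit_requirements(SAMPLE), sep="\n")
```

The lint only checks the shape of each entry; whether a digest matches the downloaded artifact is still decided by `pip install --require-hashes`.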
✅ Lesson: Treat dependencies as code you didn’t write — verify and audit them.