methodology

Vendoring

Vendoring is a software development practice where external dependencies (e.g., libraries, frameworks) are copied directly into a project's source code repository rather than being fetched from a package manager at build time. This ensures that the project uses specific, known versions of dependencies, making builds reproducible and independent of external network availability or changes. It is commonly used in environments requiring high stability, such as enterprise applications or embedded systems.

Also known as: Dependency vendoring, Inlining dependencies, Copying dependencies, Vendor folder, Vendored libs
🧊Why learn Vendoring?

Developers should use vendoring when they need to guarantee build reproducibility, avoid dependency on external package repositories, or ensure compatibility in offline or air-gapped environments. It is particularly valuable for long-term projects where dependency updates might introduce breaking changes, or in regulated industries where auditability and control over third-party code are critical. However, it increases repository size and requires manual updates.

Compare Vendoring

Vendoring vs Package ManagersVendoring vs ContainerizationVendoring vs Monorepos

Learning Resources

📄
Go Vendoring Guide
docs
📝
Python Dependency Management with Vendoring
tutorial
📄
Vendoring Dependencies in Rust
docs
🎬
Understanding Vendoring in Software Development
video
📚
The Art of Dependency Management
book

Related Tools

Dependency ManagementVersion ControlBuild SystemsReproducible BuildsPackage Management

Alternatives to Vendoring

Package ManagersContainerizationMonorepos