Third-party library policy

Describes the policy for third-party libraries and explains the process for requesting new libraries.

Commerce (SaaS) supports a standard set of third-party libraries that fulfill common requirements such as SFTP and XML parsing. By standardizing on a finite set of libraries, Optimizely mitigates the risk of binary incompatibility from conflicting libraries and reduces the security risk of unsupported libraries. With that in mind, packages outside the "allowedLibraries.txt" allow list should not be referenced by or included in any deployments to Commerce (SaaS).

To meet requirements, periodic additions to this list are expected, and Optimizely welcomes suggestions on what libraries to include. The following is the process for requesting that a package be added to the list:

  1. Review the allowedLibraries.json file from the insite-commerce-cloud Git repository. (At the time of writing, the file is saved to /src/tools/PowerShellScripts.)

  2. Confirm that the desired package is not in the allow list and that no other libraries listed there are a good substitute.

  3. Submit an Enhancement request at https://feedback.optimizely.com/. There is a section called Third-party Library Allow Listing under the Commerce (SaaS) section.

  4. Optimizely will evaluate the request based on a few criteria, such as:

    • The desired package is important to the success of the project.
    • None of the existing allowed packages meet the needed requirements.
    • The package appears to have sufficient backing to be maintained and secure going forward.
    • The requirement is best met by a third-party library rather than a base code change.
  5. If approved, the change to the allow list will be scheduled for release.

Note

The simplest way to include a new JavaScript (JS) library is to use a CDN, if available. You can include a JS library in the theme, but if there are dependencies, those also need to be included in the theme.