Third-party library policy
This topic describes the policy for third-party libraries and explains the process for requesting new libraries.
Configured Commerce Cloud supports a standard set of third-party libraries that fulfill common requirements such as SFTP and XML parsing. By standardizing on a finite set of libraries, Optimizely mitigates the risk of binary incompatibility from conflicting libraries and reduces the security risk of unsupported libraries. With that in mind, packages outside the "allowedLibraries.txt" allow list should not be referenced by or included in any deployments to Configured Commerce Cloud.
To meet new requirements, periodic additions to this list are expected, and Optimizely welcomes suggestions on what new libraries to include. The following is the process for requesting that a package be added to the list:
-
Review the allowedLibraries.json file from the insite-commerce-cloud Git repository. (At the time of writing, the file is saved to /src/tools/PowerShellScripts.)
-
Confirm that the desired package is not in the whitelist, and that no other libraries listed there are a good substitute.
-
Please submit an Enhancement request at https://feedback.optimizely.com/. There is a section called 3rd Party Library Allow Listing under the Configured Commerce section.
-
Optimizely will evaluate the request based a few criteria, such as,
- The desired package is important to the success of the project
- None of the existing allowed packages meet the needed requirements
- The package appears to have sufficient backing as to be maintained and secure going forward
- The requirement is best met by a third party library rather than a base code change
-
If approved, the change to the whitelist will be scheduled for release
Note
The simplest way to include a new JavaScript (JS) library is to use a CDN, if available. You can include a JS library in the theme, but if there are dependencies, those also need to be included in the theme.
Updated 3 months ago