Third-party library policy
Describes the policy for third-party libraries and explains the process for requesting new libraries.
Commerce (SaaS) supports a standard set of third-party libraries that fulfill common requirements such as SFTP and XML parsing. By standardizing on a finite set of libraries, Optimizely mitigates the risk of binary incompatibility from conflicting libraries and reduces the security risk of unsupported libraries. With that in mind, packages outside the "allowedLibraries.txt" allow list should not be referenced by or included in any deployments to Commerce (SaaS).
To meet requirements, periodic additions to this list are expected, and Optimizely welcomes suggestions on what libraries to include. The following is the process for requesting that a package be added to the list:
-
Review the
allowedLibraries.json
file from theinsite-commerce-cloud
Git repository. (At the time of writing, the file is saved to/src/tools/PowerShellScripts
.) -
Confirm that the desired package is not in the whitelist, and that no other libraries listed there are a good substitute.
-
Submit an Enhancement request at
https://feedback.optimizely.com/
. There is a section called Third-party Library Allow Listing under the Commerce (SaaS) section. -
Optimizely will evaluate the request based a few criteria, such as:
- The desired package is important to the success of the project.
- None of the existing allowed packages meet the needed requirements.
- The package appears to have sufficient backing as to be maintained and secure going forward.
- The requirement is best met by a third-party library rather than a base code change.
-
If approved, the change to the whitelist will be scheduled for release.
Note
The simplest way to include a new JavaScript (JS) library is to use a CDN, if available. You can include a JS library in the theme, but if there are dependencies, those also need to be included in the theme.
Updated 10 days ago