Dependencies

Explicitly Declare and Isolate Dependencies
A Twelve-Factor App explicitly declares all dependencies and does not rely on system-wide packages. This ensures that the application can be reliably deployed across different environments without unexpected behavior due to missing or mismatched dependencies.
Key Principles
1. No Implicit Dependencies
- The application should never assume that dependencies are already installed on the system (e.g., a programming language runtime, libraries, or system utilities).
- Dependencies should be explicitly defined within the project.
2. Dependency Declaration
- Use a dependency manifest to list all required packages:
  - Node.js: package.json
  - Python: pyproject.toml (Poetry) or requirements.txt
  - Java: pom.xml (Maven) or build.gradle (Gradle)
  - Go: go.mod
  - Rust: Cargo.toml
3. Dependency Isolation
- The application should not rely on globally installed dependencies. Instead, it should use:
  - Virtual environments (venv for Python)
  - Containerized environments (Docker)
  - Package managers with lockfiles (package-lock.json, poetry.lock, etc.)
4. Consistent Builds Across Environments
- The same dependencies should be installed consistently across development, testing, and production. Lock files ensure that all environments use the exact same package versions.
5. Security & Maintainability
- Isolating dependencies helps prevent version conflicts and security vulnerabilities.
- Regularly update dependencies while ensuring compatibility.
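
The consistency that principle 4 expects from a lock file only holds when every entry is pinned to an exact version. The following Python script is an added example, not part of the original page: it audits a requirements.txt for entries that are unpinned, carry no integrity hash, or are editable installs. The function names, problem labels and sample file are assumptions made for illustration.

```python
import re

# Exact pin: name, optional extras, "==", a version without wildcards, optional marker.
PIN = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*(\[[^\]]*\])?\s*==\s*[^\s;*]+\s*(;.*)?$")
HASH = re.compile(r"--hash=(?:sha256|sha384|sha512):[0-9a-f]{64,128}(?=\s|$)")

def logical_lines(text):
    """Join backslash continuations, then drop comments and blank lines."""
    buf = ""
    for raw in text.splitlines():
        if raw.rstrip().endswith("\\"):
            buf += raw.rstrip()[:-1] + " "
            continue
        line = re.sub(r"(^|\s)#.*$", "", buf + raw).strip()
        buf = ""
        if line:
            yield line

def audit(text):
    """Return (requirement, problem) pairs; an empty list means fully locked."""
    findings = []
    for line in logical_lines(text):
        if line.startswith("-"):
            # Option lines: only editable installs bypass pinning entirely.
            if line.split()[0] in ("-e", "--editable"):
                findings.append((line, "editable"))
            continue
        spec = re.sub(r"--hash=\S+", "", line).strip()
        if not PIN.match(spec):
            findings.append((spec, "unpinned"))
        if not HASH.search(line):
            findings.append((spec, "no-hash"))
    return findings

# Constructed sample; the digest is a dummy value, not a real package hash.
DIGEST = "sha256:" + "ab" * 32
SAMPLE = f"""\
# runtime dependencies
fastapi==0.110.0 \\
    --hash={DIGEST}
uvicorn>=0.20          # version range
starlette==0.36.*      # wildcard is not an exact pin
pydantic==2.6.1
-e ./local_pkg
"""

if __name__ == "__main__":
    for requirement, problem in audit(SAMPLE):
        print(f"{problem:9} {requirement}")
```

pip can enforce the hash requirement at install time with its --require-hashes option, so a check like this is best run in CI before the install step.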
Example: Python (FastAPI) with Poetry
Instead of installing dependencies globally:

    pip install fastapi

Use a dependency manager:

    poetry add fastapi

This ensures that dependencies are explicitly defined in pyproject.toml and poetry.lock.
Why It Matters?
- Prevents “It works on my machine” problems.
- Simplifies onboarding for new developers.
- Enhances security and maintainability.
- Enables reproducible builds in CI/CD pipelines.