Improve process for handling frontend dependencies
Adding new dependencies or updating the old dependencies could produce impact on our building phase. Also, in the light of recent security problems with NPM:
- https://github.blog/2021-11-15-githubs-commitment-to-npm-ecosystem-security/
- Supply chain attacks.
the goal is to improve our documentation for adding new dependencies or changing existing dependencies. In addition, we should establish a protocol for mentioned processes.
Expected artefacts in this issue are:
- Improved documentation with sections
Adding new NPM package
andUpdating the existing dependency
with checklists if possible in frontend guide section. - New section which describes how our assets are being compiled and used in delivery stages for cloud and distribution packages.