Direct Dependency

What Is a Direct Dependency?

A direct dependency is a software component that an application explicitly declares in its own manifest or source code — pulled in by the developer's intentional choice rather than by another library's downstream requirements.

Direct dependencies are the visible top layer of a software project: the libraries listed in package.json, pom.xml, requirements.txt, go.mod, or equivalent manifest files. Developers choose them, document them, and govern them through tools like Software Composition Analysis. But direct dependencies typically represent only a small fraction of the code an application actually contains. Every direct dependency drags its own dependencies along behind it, and those bring more — so the components a developer explicitly chose are vastly outnumbered by the ones the system pulls in on their behalf.
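As an added illustration (not NetRise code), the Python below separates declared from inherited components: it takes a constructed package.json-style manifest and a constructed lockfile-style resolution graph, and for each transitive package records which direct dependency pulls it in, which is the top-layer blast radius of that package.

```python
import json
from collections import deque

# Constructed manifest: the direct dependencies a developer declared.
MANIFEST = json.loads('{"dependencies": {"express": "4.18.2", "lodash": "4.17.21"}}')

# Constructed resolution graph (the shape a lockfile encodes): package -> what it requires.
RESOLVED = {
    "express": ["body-parser", "debug", "qs"],
    "body-parser": ["debug", "qs", "raw-body"],
    "debug": ["ms"],
    "qs": ["side-channel"],
    "raw-body": ["bytes"],
    "lodash": [], "ms": [], "side-channel": [], "bytes": [],
}


def direct_dependencies(manifest):
    """Components explicitly declared in the manifest."""
    return set(manifest.get("dependencies", {}))


def transitive_closure(root, graph):
    """Every package reachable from `root` through the resolution graph (root excluded)."""
    seen, queue = set(), deque(graph.get(root, []))
    while queue:
        pkg = queue.popleft()
        if pkg in seen:
            continue
        seen.add(pkg)
        queue.extend(graph.get(pkg, []))
    return seen


def classify(manifest, graph):
    """Return (direct, transitive) where transitive maps each inherited package
    to the set of direct dependencies that bring it in. A package that is both
    declared and inherited counts as direct, since the team owns that choice."""
    direct = direct_dependencies(manifest)
    inherited = {}
    for d in direct:
        for pkg in transitive_closure(d, graph):
            inherited.setdefault(pkg, set()).add(d)
    transitive = {p: owners for p, owners in inherited.items() if p not in direct}
    return direct, transitive


if __name__ == "__main__":
    direct, transitive = classify(MANIFEST, RESOLVED)
    print(f"{len(direct)} direct, {len(transitive)} transitive")
    for pkg, owners in sorted(transitive.items()):
        print(f"  {pkg}: inherited via {sorted(owners)}")
```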

NetRise Provenance maps both direct and transitive dependency relationships explicitly, so teams can distinguish between the components they actively own and the ones inherited through the supply chain — and apply policy, blast radius analysis, and trust evaluation to both.

Related Terms

Transitive Dependency · Software Composition Analysis · Software Bill of Materials · Blast Radius · NetRise Provenance