The mistake that put 300,000 patients in serious danger- Software Dependencies

Understanding Software Dependencies- A challenge that many developers face.

Devansh
6 min read · Aug 1, 2023

Bad Software Dependencies are one of the biggest pain points for software teams all over. In today’s post, we will be covering the concept of Software Dependencies, the types of dependencies in software, what software dependency analysis is, what dependency hell is, and how we can manage dependencies at scale.

Unfortunately, one of those dependencies was left-pad. The code is below. It pads out the left-hand side of strings with zeroes or spaces. And thousands of projects including Node and Babel relied on it.

-How one developer just broke Node, Babel and thousands of projects in 11 lines of JavaScript

Software Dependencies are also a security issue, so this is definitely something that you should keep your eyes on. The two sources quoted here show the two sides of it: a maintainer can pull a package that thousands of builds depend on (left-pad), and an attacker can publish a public package under the name of a company’s internal one so that a package manager configured to consult both registries installs the attacker’s copy (the dependency confusion research below).

Source- Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies

I don’t know what is worse: Not taking your medicines at all or taking the wrong medication. Either way, at least 300,000 heart patients were given the wrong drug or advice as a result of a software fault. So, what happened? In the year 2016, it was discovered that the clinical computer system SystmOne had an error that since 2009 had been miscalculating patients’ risk of heart attack. As a result, many patients suffered heart attacks or strokes since they were told they were at low risk, while others suffered from the side-effects of taking unnecessary medication [3].

-4 Interesting Cases of Software Failures and Consequences


Understanding Software Dependencies

What is a software dependency?-

A software dependency is a relationship between software components where one component relies on the other to work properly. For example, if a software application uses a library to query a database, the application depends on that library. Dependencies can come from internal (company/organization tools) or external (third-party packages) sources. Adding a dependency avoids repeating work already done: designing, writing, testing, debugging, and maintaining a specific unit of code.

Types of Software Dependencies- There are two major kinds of dependencies. Firstly we have direct dependencies- packages that your own code imports and that you declare yourself in your manifest (package.json, requirements.txt and so on). Then there are transitive dependencies- the packages your direct dependencies pull in, which end up in your build without you ever naming them. For example, I once built an internal tool to help a company run a suite of data/ML tests on their data to identify their next steps. That internal tool was used by the company to help them streamline experiments and report generation. All the packages that I used in that tool became transitive dependencies of every downstream feature implemented on top of the APIs I built: the company’s code never named them, but it ran them, and a vulnerability in any of them was the company’s problem too.
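As an added example (not code from the original post or from any of the tools it cites), here is a small Python script that walks an npm lockfile and does what the paragraph above and the security note earlier call for: it lists the direct dependencies, lists the transitive ones with the chain of requirements that pulls each one in, and flags two lockfile-level warning signs, a package in the organisation’s private scope that was resolved from the public registry (the dependency confusion pattern) and a package recorded without an integrity hash. The lockfile, the `@acme/` scope, the `npm.acme.internal` registry host and the integrity strings are all constructed for the example.

```python
import json
from urllib.parse import urlparse

# Constructed package-lock.json (lockfileVersion 3 layout). A real audit would
# json.load() the file from disk; it is embedded here so the example runs offline.
LOCKFILE = json.loads(r'''
{
  "name": "example-app",
  "lockfileVersion": 3,
  "packages": {
    "": {
      "dependencies": {"left-pad": "^1.3.0", "@acme/report-core": "^2.1.0"}
    },
    "node_modules/left-pad": {
      "version": "1.3.0",
      "resolved": "https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz",
      "integrity": "sha512-CONSTRUCTED-VALUE-1"
    },
    "node_modules/@acme/report-core": {
      "version": "2.1.0",
      "resolved": "https://registry.npmjs.org/@acme/report-core/-/report-core-2.1.0.tgz",
      "dependencies": {"string-utils": "^0.4.0"}
    },
    "node_modules/string-utils": {
      "version": "0.4.2",
      "resolved": "https://registry.npmjs.org/string-utils/-/string-utils-0.4.2.tgz",
      "integrity": "sha512-CONSTRUCTED-VALUE-2"
    }
  }
}
''')

INTERNAL_SCOPE = "@acme/"                # assumed: the organisation's private npm scope
INTERNAL_REGISTRY = "npm.acme.internal"  # assumed: host of the private registry


def package_name(path):
    """Map a lockfile path to a package name: 'node_modules/a/node_modules/@s/b' -> '@s/b'."""
    return path.rsplit("node_modules/", 1)[-1]


def classify(lock):
    """Return (direct, transitive, chains). chains[name] is the requirement path
    from a direct dependency down to name, the same information `npm ls` shows.
    Nested duplicate copies of a package are collapsed by name for brevity."""
    pkgs = lock["packages"]
    root = pkgs[""]
    direct = set(root.get("dependencies", {})) | set(root.get("devDependencies", {}))
    installed = {package_name(p): meta for p, meta in pkgs.items() if p}
    chains, queue = {}, [(name, [name]) for name in sorted(direct)]
    while queue:  # breadth-first, so the first chain recorded is the shortest one
        name, chain = queue.pop(0)
        if name in chains:
            continue
        chains[name] = chain
        for child in installed.get(name, {}).get("dependencies", {}):
            queue.append((child, chain + [child]))
    transitive = {name for name in installed if name not in direct}
    return direct, transitive, chains


def audit(lock):
    """Lockfile-level warning signs. Returns a list of (package, message)."""
    findings = []
    for path, meta in lock["packages"].items():
        if not path:
            continue
        name = package_name(path)
        host = urlparse(meta.get("resolved", "")).hostname
        if name.startswith(INTERNAL_SCOPE) and host != INTERNAL_REGISTRY:
            findings.append((name, f"private-scope package resolved from {host}: dependency confusion risk"))
        if "integrity" not in meta:
            findings.append((name, "no integrity hash: tarball contents are not pinned"))
    return findings


if __name__ == "__main__":
    direct, transitive, chains = classify(LOCKFILE)
    print("direct:    ", sorted(direct))
    print("transitive:", {n: " > ".join(chains[n]) for n in sorted(transitive)})
    for name, msg in audit(LOCKFILE):
        print(f"WARNING {name}: {msg}")
```

On a real project `npm ls --all` prints the same chains; the `audit` function is the part worth running in CI against the committed lockfile before `npm ci`, because `npm ci` trusts whatever `resolved` URL and `integrity` value the lockfile records.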

What is Software Dependency Hell-

If dependencies are not properly identified and managed, it’s difficult to avoid conflicts or errors when updating or changing the software: two packages that each require a different, incompatible version of a third one cannot both be satisfied. It can also be difficult for other developers to understand how the software works and how to make changes (keep in mind that code that is easy to change is one of the most desirable traits of software, according to a Microsoft study). This creates Software Dependency Hell, a term so feared it has its own Wikipedia page.

How to Manage Dependencies at Scale- There are some tried and tested methods that you can use to manage dependencies without going to hell (we’re quoting this phenomenal piece on the topic)-

  1. Identify and document — The first step in managing dependencies is identifying the components, libraries, frameworks, and any other resources the software relies on to work properly. This involves conducting a thorough analysis of the software and creating a detailed list of the dependencies, along with their versions, where each one was fetched from, and other relevant information; transitive dependencies belong on that list too, since they run in your build whether or not you named them. By documenting these, developers can prevent conflicts and errors and make informed choices about how best to manage the software.
  2. Use a package manager- A package manager is a software tool that helps to manage the dependencies of a software system or application, such as npm for JavaScript or pip for Python. They resolve dependencies and automate installation, updates, and removal, and most of them can record the exact versions they resolved in a lockfile so that the same set is installed every time.
  3. Use a dependency management tool- Similar to a package manager, these tools help handle the dependencies of a software system or application. Dependency management tools can:
  • Help avoid bugs and errors.
  • Manage different versions of dependencies.
  • Track changes and updates.

Developers can utilize a package manager, such as npm, to manage direct dependencies in JavaScript. These tools install, update, and remove dependencies, and a committed lockfile (package-lock.json for npm) makes the exact versions installed explicit and reproducible.

Transitive dependencies are resolved by the same package manager and recorded in the same lockfile; `npm ls` shows the resolved graph together with the chain that pulls each transitive package in. Bundlers such as Webpack or Browserify then walk that module graph to produce a build, which is where mismatched or duplicated copies of a module tend to surface. Some other techniques involve-

  1. Use a dependency injection framework- Dependency injection means passing a component’s dependencies in as parameters (usually to its constructor) rather than hardcoding them in the component’s source code. This makes the component more flexible and modular, easier to test with substitutes, and easier to change when one of its dependencies has to be swapped or wrapped; a dependency injection framework automates that wiring for larger systems.
  2. Use a build tool- A build tool also helps manage the dependencies of a software system or application. These tools are commonly used in programming languages such as Java and C++ (Maven or Gradle, and CMake, respectively). They can manage the dependencies, and automate building and deploying the software.
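As an added example in Python (not from the original post, and not tied to any particular injection framework), here is the shape dependency injection gives a component and why a security engineer cares about it: `ReportService` receives its HTTP client as a constructor argument, so a test double can replace the network and an allowlisting wrapper can be inserted in front of the real client without editing the service. The hardcoded variant is shown alongside for contrast. The `Fetcher` interface, the hostnames, the `/items/{id}` endpoint and the `score >= 20` threshold are all assumptions made for the example.

```python
import json
from typing import Protocol
from urllib.parse import urlparse


class Fetcher(Protocol):
    """The only thing the report code needs from its HTTP dependency."""
    def get(self, url: str) -> bytes: ...


class UrllibFetcher:
    """Production client. Performs a real network request; never called in the offline run."""
    def get(self, url: str) -> bytes:
        from urllib.request import urlopen
        with urlopen(url) as resp:
            return resp.read()


class AllowlistFetcher:
    """Hardened wrapper: refuses any host outside the allowlist, then delegates.
    Because the service accepts any Fetcher, this slots in without touching ReportService."""
    def __init__(self, inner: Fetcher, allowed_hosts: set):
        self._inner, self._allowed = inner, allowed_hosts

    def get(self, url: str) -> bytes:
        host = urlparse(url).hostname
        if host not in self._allowed:
            raise PermissionError(f"refusing request to {host!r}")
        return self._inner.get(url)


class FakeFetcher:
    """Test double: serves canned bodies and records every URL it was asked for."""
    def __init__(self, bodies: dict):
        self._bodies, self.calls = bodies, []

    def get(self, url: str) -> bytes:
        self.calls.append(url)
        return self._bodies[url]


class ReportServiceHardcoded:
    """Before: the collaborator is built inside the class. Tests need the network,
    and adding the allowlist means editing this class."""
    def __init__(self, base_url: str):
        self._fetch, self._base = UrllibFetcher(), base_url.rstrip("/")

    def summary(self, item_id: int) -> dict:
        data = json.loads(self._fetch.get(f"{self._base}/items/{item_id}"))
        return {"id": item_id, "status": "high" if data["score"] >= 20 else "low"}


class ReportService:
    """After: the dependency is injected. Same behaviour, different wiring."""
    def __init__(self, fetcher: Fetcher, base_url: str):
        self._fetch, self._base = fetcher, base_url.rstrip("/")

    def summary(self, item_id: int) -> dict:
        data = json.loads(self._fetch.get(f"{self._base}/items/{item_id}"))
        return {"id": item_id, "status": "high" if data["score"] >= 20 else "low"}


def build_production_service(base_url: str) -> ReportService:
    """Composition root: the one place that decides which implementations get wired in."""
    host = urlparse(base_url).hostname
    return ReportService(AllowlistFetcher(UrllibFetcher(), {host}), base_url)


if __name__ == "__main__":
    # Constructed canned response; no network is used.
    fake = FakeFetcher({"https://api.example.internal/items/7": b'{"score": 25}'})
    svc = ReportService(fake, "https://api.example.internal/")
    print(svc.summary(7), fake.calls)
```

The composition root is the only place that knows about `UrllibFetcher` and the allowlist; everything below it depends on the `Fetcher` interface alone, which is what makes swapping or wrapping a dependency a one-line change instead of a search through the codebase.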

Dependencies are a crucial area to study. If you’re a software engineer working with a large organization and need something to do, analyzing dependencies in projects and finding workarounds will allow you to add some serious value. You might even be allowed to head the project on your own (which is very important for your career).

That is it for this piece. I appreciate your time. As always, if you’re interested in working with me or checking out my other work, my links will be at the end of this email/post. If you like my writing, I would really appreciate an anonymous testimonial. You can drop it here. And if you found value in this write-up, I would appreciate you sharing it with more people. It is word-of-mouth referrals like yours that help me grow.


Reach out to me

Use the links below to check out my other content, learn more about tutoring, reach out to me about projects, or just to say hi.

Small Snippets about Tech, AI and Machine Learning over here

AI Newsletter- https://artificialintelligencemadesimple.substack.com/

My grandma’s favorite Tech Newsletter- https://codinginterviewsmadesimple.substack.com/

Check out my other articles on Medium. : https://rb.gy/zn1aiu

My YouTube: https://rb.gy/88iwdd

Reach out to me on LinkedIn. Let’s connect: https://rb.gy/m5ok2y

My Instagram: https://rb.gy/gmvuy9

My Twitter: https://twitter.com/Machine01776819
