{"id":549,"date":"2026-01-30T09:55:32","date_gmt":"2026-01-30T09:55:32","guid":{"rendered":"https:\/\/productive.io\/engineering\/?p=549"},"modified":"2026-01-30T09:55:32","modified_gmt":"2026-01-30T09:55:32","slug":"keep-track-of-your-dependencies","status":"publish","type":"post","link":"https:\/\/productive.io\/engineering\/keep-track-of-your-dependencies\/","title":{"rendered":"Keep Track of Your Software\u2019s Third-Party Libraries"},"content":{"rendered":"<p   > <a href='https:\/\/productive.io\/engineering\/category\/frontend\/'>Frontend<\/a><\/p> <h1   > Keep Track of Your Software\u2019s Third-Party Libraries<\/h1> <a href=\"https:\/\/productive.io\/engineering\/author\/antoniobajivic1\/\"> <p   > Antonio Bajivi\u0107<\/p><\/a> Working in web development and having fun with electronics brings me joy. 
In my free time, I mix working out, socializing, and reading.<p   > January 30, 2026<\/p> <img  src=\"https:\/\/productive.io\/engineering\/wp-content\/uploads\/sites\/2\/2023\/03\/keep-track-of-your-dependencies.webp\"  alt=\"\" loading=lazy \/> <p   > The more you put things off, the harder it gets to actually do them. That goes for dependencies too. Sure, <strong>dependencies<\/strong> <strong>need to be updated<\/strong>, but that doesn&#8217;t make the task any less miserable.<\/p> <p   > Before I start explaining what a\u00a0<strong>dependency manager<\/strong>\u00a0is, let me explain what a\u00a0<strong>dependency<\/strong>\u00a0is.\u00a0<br><br>Dependencies are third-party libraries that developers add to their projects so their lives would be easier. What that means is that someone wrote a piece of code that other people can use. It also means that it needs to be frequently updated. 
In most web projects the list of those libraries is located in the\u00a0<em>package.json<\/em>\u00a0file.\u00a0<br><br>Now that you know what dependency means, I want to introduce you to the idea of dependency management.\u00a0<\/p> <h2   > <strong>What Is a Dependency Manager and What Issues Have We Confronted?<\/strong><\/h2> <p   > Did you ever get caught up with a lot of non-updated dependencies and when you began updating them, you realized you missed a lot of things? Some of those updates can be helpful, but some of them can make your life miserable.\u00a0<br><br>At Productive, as developers we encountered the same issue.\u00a0Some of our dependencies were out-of-date by several major versions, which can lead to real issues, such as deprecations. So we started to think of a way to keep everything up-to-date.\u00a0<br><br>Manually handling them was not an option anymore. We have several repositories just for front-end projects and it takes a lot of time to track all those dependencies with their release updates. So, we decided to implement a dependency management bot.\u00a0<br><br>A bot like that not only notifies you about new versions, but also notifies you if a certain package has vulnerabilities. It suggests changes by creating\u00a0<a href=\"https:\/\/productive.io\/engineering\/pull-requests-the-good-the-bad-and-really-not-that-ugly\/\" target=\"_blank\" rel=\"noreferrer noopener\">Pull Requests<\/a>. You\u2019re probably wondering how dependencies can have vulnerabilities. Well, some of them depend on other dependencies, or it may be that the developers just wrote some shady code.<\/p> <h2   > <strong>Which Dependency Manager Did We Choose?<\/strong><\/h2> <p   > One of the problems we confront as developers is \u201cnotification noise\u201d.\u00a0<br>Nobody likes to see a swamp of notifications and nobody has time to read them one by one. Therefore, we were trying to pick a configurable manager to control the level of noise. 
A few of them came up in my search\u2014such as Dependabot, Renovate, Snyk, Dependencies.io, Depfu, etc.\u00a0<br><br>Dependabot is popular, mostly because it\u2019s a GitHub manager, but it\u2019s not quite as configurable as our final choice (wait for it!). One of the great things about Dependabot is that it can be used in combination with other managers (like Renovate). After comparing them, Renovate won.\u00a0<br><br>Renovate is more configurable and what I mean by that is that we can choose the dependencies that will be checked by it. We can set up a schedule for when the notifications will arrive, and we can divide packages into all sorts of different groups we need. If you don\u2019t like the way your PR looks, as you probably guessed\u2014you can edit it. With this manager, you can also set an assignee who will get notified, and much more.<\/p> <h2   > <strong>How Do We Use Renovate at Productive?<\/strong><\/h2> <h3   > <strong>Task Management<\/strong><\/h3> <p   > Since we didn\u2019t configure the manager to auto-merge new updates, we need to handle them ourselves. So, when it does its job, usually I handle most of the updates for the Productive app. If there are some dependencies which I\u2019m not so familiar with, I create a task and assign the PR to my colleagues.<br><br>Because I read most of the Release notes, sometimes I stumble upon some useful information about how a new update will be helpful for someone and then I inform them because new updates may solve their current workarounds (read: hacky solutions).<br><br>When we start updating dependencies we approach them differently. For every major package, one PR is created. For non-major dependencies, there is one PR where all dependencies are handled because they are less likely to cause bigger problems.\u00a0<br><br>Of course, the person in charge sets his PR link in a task so if some errors are made because of it, it can be easily traced. 
When the whole list of packages is up-to-date, the developer merges that PR. After merging, the Renovate bot will auto-update the created PRs and if there aren\u2019t any other updates the bot will auto-close it.<\/p> <h3   > <strong>Configuration<\/strong><\/h3> <p   > The issues we wanted to solve:<\/p> <p   > Reduce noise by setting up a\u00a0<strong>schedule<\/strong>\u00a0for when the notifications will arrive<\/p> <p   > Set an\u00a0<strong>assignee<\/strong>\u00a0for checking on those updates<\/p> <p   > Set a\u00a0<strong>branch<\/strong>\u00a0for checking updates<\/p> <p   > Divide packages into\u00a0<strong>groups<\/strong>, where each group is for:<\/p> <p   > Reduced build and reload times<\/p> <p   > Version level update (PR for major, PR for non-major updates)<\/p> <p   > Packages that wouldn\u2019t be checked<\/p> <p   > Meant for different colleagues<\/p> <p   > The first problem I wanted to solve was\u00a0<strong>reducing the noise to a minimum<\/strong>. Since the notifications are not wanted every day, I set a schedule for when we get those notifications. The schedule is set by the \u201cschedule\u201d property. 
The value of \u201cschedule\u201d will represent the fixed times when the pull requests get generated.<\/p> <img  src=\"https:\/\/productive.io\/engineering\/wp-content\/uploads\/sites\/2\/2023\/03\/Snap-11-modified-2.png\"  alt=\"\" loading=lazy \/> <p   > Because there are different time zones, don\u2019t forget to set the timezone for your own or your company\u2019s zone (ours is Europe\/Zagreb) using the \u201ctimezone\u201d property with a name from this list:\u00a0<a href=\"https:\/\/en.wikipedia.org\/wiki\/List_of_tz_database_time_zones\" target=\"_blank\" rel=\"noreferrer noopener\">IANA Time Zone.<\/a><\/p> <img  src=\"https:\/\/productive.io\/engineering\/wp-content\/uploads\/sites\/2\/2023\/03\/Snap-19-1-2-modified.png\"  alt=\"\" loading=lazy \/> <p   > Since I\u2019m not the only one who should be warned about updates, I found the \u201cassignees\u201d property which will set assignees who will be notified. For this property, you can use a GitHub username or email.<br><br>Although I am the main assignee for dependency updates on all of our front-end projects, I didn\u2019t want to read each PR independently. I started to look at how dependencies can be grouped, sorted, or something like that.\u00a0<br><br>So I found \u201cOne array to rule them all\u201d which saved me from a lot of buzzing noises on Friday, and it was the packageRules array. Each object in that array specifies which updates I want in each PR. In one PR it was necessary to receive updates only for major versions, the other was for patch and minor versions, and it looks like this:<\/p> <img  src=\"https:\/\/productive.io\/engineering\/wp-content\/uploads\/sites\/2\/2023\/03\/Frame-1676-3-modified.png\"  alt=\"\" loading=lazy \/> <p   > or<\/p> <img  src=\"https:\/\/productive.io\/engineering\/wp-content\/uploads\/sites\/2\/2023\/03\/Snap-13-1-modified.png\"  alt=\"\" loading=lazy \/> <p   > Each group can be named whatever you want and prioritized by\u00a0<em>prPriority<\/em>. 
I wanted to assign some groups to other colleagues so I don\u2019t have to deal with everything. Because I am lazy. Just kidding.\u00a0<br><br>Other colleagues had different assignments because they were more familiar with some specific libraries, so I used\u00a0<em>matchPackageNames<\/em>\u00a0and\u00a0<em>matchPackagePatterns<\/em>.\u00a0<br><br><em>matchPackagePatterns<\/em>\u00a0came in very useful because you can use RegEx. I almost forgot to mention that for some of the dependencies, it wasn\u2019t necessary for them to be on the list of updates.\u00a0<br><br>Why? Well, because there\u2019s a Core team that deals with them every day at Productive, so I can set\u00a0<em>enabled: false<\/em>\u00a0to stop Renovate from notifying me or them.\u00a0<br><br>For example:\u00a0<\/p> <img  src=\"https:\/\/productive.io\/engineering\/wp-content\/uploads\/sites\/2\/2023\/03\/Snap-10-modified.png\"  alt=\"\" loading=lazy \/> <p   > Also, one of the useful options is\u00a0<em>baseBranches<\/em>.\u00a0With that option, you set which branch will be checked by the bot. 
That can be useful because most software products are not updated daily and the companies have specific procedures until some feature goes out to the public.<\/p> <img  src=\"https:\/\/productive.io\/engineering\/wp-content\/uploads\/sites\/2\/2023\/03\/Snap-17-1-modified.png\"  alt=\"\" loading=lazy \/> <p   > Here\u2019s an example of the\u00a0<em>renovate.json<\/em>\u00a0file with the basic configuration previously mentioned:\u00a0<\/p> <img  src=\"https:\/\/productive.io\/engineering\/wp-content\/uploads\/sites\/2\/2023\/03\/Snap-11.png\"  alt=\"\" loading=lazy \/> <p   > For every other option you want to add or explore, feel free to read\u00a0<a href=\"https:\/\/docs.renovatebot.com\/configuration-options\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Renovate\u2019s documentation.<\/a><br><br>Below, an example of one PR with a table (photo 1) and Release notes (photo 2).<\/p> <img  src=\"https:\/\/productive.io\/engineering\/wp-content\/uploads\/sites\/2\/2023\/03\/pasted-image-0.png\"  alt=\"\" loading=lazy \/> <p   > The table is pretty self-explanatory. You can see which package or whatever you want to call it can be updated to which version with some other data. The table itself is configurable, so you can tailor it to your preferences.<\/p> <img  src=\"https:\/\/productive.io\/engineering\/wp-content\/uploads\/sites\/2\/2023\/03\/pasted-image-0-2-1.png\"  alt=\"\" loading=lazy \/> <p   > Then there\u2019s a section with the release notes in which you can inspect each update individually with their specific\u00a0commits\u00a0and proper descriptions.<\/p> <h2   > <strong>What Issues Did We Encounter and How Did We Solve Them?<\/strong><\/h2> <p   > Lastly, not everything is perfect. There were some issues we encountered in the implementation process.\u00a0<br><br>For instance, there are two types of PRs, normal and immortal ones. A normal PR is a PR with only one dependency. 
When you close a normal PR, the main problem is that the manager will \u201cthink\u201d that you maybe do not want to use that version of dependency and it will not notify you again. Immortal PRs can be closed because the manager will reopen them again, in our case those are grouped PRs. So, how do we deal with that feature\/issue?\u00a0<strong>We don\u2019t close PRs until each package is up-to-date.<\/strong><br><br>Another issue I encountered is that PRs will be created inside\u00a0a\u00a0schedule, but the manager will notify you outside of a schedule when updates are made. For example, the PR schedule for creating PRs is on Friday, but in the meantime, a new version of a certain dependency would be published and I would receive a notification. That could be useful, but since I update versions on a weekly basis I added the\u00a0<em>:noUnscheduledUpdates<\/em>\u00a0property, which\u00a0<strong>limits notifications only inside the schedule<\/strong>.<br><br>One issue that still bothers me is that I receive\u00a0<strong>vulnerability warnings<\/strong>\u00a0for dependencies in one PR for every warning. I wanted to group them, but it seems nobody figured out a solution for that, yet. Depending on when you read this article and if this problem is solved, please contact\u00a0me.\u00a0Our method is to update only the dependencies to stable versions and use that as a workaround.<br><br>The last issue we encountered was with\u00a0the<strong>\u00a0range strategy<\/strong>. Renovate will not update packages if there\u2019s a range indicator such as ^. That was weird to me, but they have a solution for that\u2014you can set a\u00a0<em>rangeStrategy<\/em>\u00a0and Renovate has various options so that you can\u00a0adjust to\u00a0your app as you wish. We solved it by adding a \u201cbump\u201d rangeStrategy. 
We started with \u201creplace\u201d but when the manager reopened an immortal PR, dependencies that were on the closed PR\u2019s list wouldn\u2019t show up.<\/p> <h2   > <strong>Should You Use Renovate?<\/strong><\/h2> <p   > In conclusion, if you ever get assigned to manage dependencies,\u00a0<strong>for the love of God, use a dependency manager.<\/strong> If you have to ask why, please read this blog post again, or contact me to remove this post.\u00a0<br><br>But, for real, it just makes your life easier. Renovate is a solution that was best suited to us. Because of it, I do not need to go to NPM\u2019s website to check whether each package has a new version available. <br><br>One of the annoying issues it also solved for me was that it keeps the noise to a minimum because of the \u201cschedule\u201d property. The noise was also reduced with the creation of groups for different types of versions. <br><br>Also, PRs are very easy to read and last, but not least, one of the best features of it is\u2014<strong>it\u2019s FREE.<\/strong><\/p>","protected":false},"excerpt":{"rendered":"Did you ever get caught up with a lot of non-updated dependencies and when you began updating them, you realized you missed a lot of things? 
","protected":false},"author":46,"featured_media":727,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"es_utils_meta_schema":"","footnotes":""},"categories":[12],"tags":[],"class_list":["post-549","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-frontend"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.2 (Yoast SEO v27.2) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Keep Track of Your Software\u2019s Third-Party Libraries - Building Productive<\/title>\n<meta name=\"description\" content=\"Did you ever get caught up with a lot of non-updated dependencies and when you began updating them, you realized you missed a lot of things?\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/productive.io\/engineering\/keep-track-of-your-dependencies\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Keep Track of Your Software\u2019s Third-Party Libraries\" \/>\n<meta property=\"og:description\" content=\"Did you ever get caught up with a lot of non-updated dependencies and when you began updating them, you realized you missed a lot of things?\" \/>\n<meta property=\"og:url\" content=\"https:\/\/productive.io\/engineering\/keep-track-of-your-dependencies\/\" \/>\n<meta property=\"og:site_name\" content=\"Building Productive\" \/>\n<meta property=\"article:published_time\" content=\"2026-01-30T09:55:32+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/website-assets.productive.io\/uploads\/sites\/2\/2023\/03\/keep-track-of-your-dependencies.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"1900\" \/>\n\t<meta property=\"og:image:height\" content=\"796\" 
\/>\n\t<meta property=\"og:image:type\" content=\"image\/webp\" \/>\n<meta name=\"author\" content=\"Antonio Bajivi\u0107\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Antonio Bajivi\u0107\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"12 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/productive.io\/engineering\/keep-track-of-your-dependencies\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/productive.io\/engineering\/keep-track-of-your-dependencies\/\"},\"author\":{\"name\":\"Antonio Bajivi\u0107\",\"@id\":\"https:\/\/productive.io\/engineering\/#\/schema\/person\/e284c887d48ef8811062b28036d13d15\"},\"headline\":\"Keep Track of Your Software\u2019s Third-Party Libraries\",\"datePublished\":\"2026-01-30T09:55:32+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/productive.io\/engineering\/keep-track-of-your-dependencies\/\"},\"wordCount\":8,\"commentCount\":0,\"image\":{\"@id\":\"https:\/\/productive.io\/engineering\/keep-track-of-your-dependencies\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/website-assets.productive.io\/uploads\/sites\/2\/2023\/03\/keep-track-of-your-dependencies.webp\",\"articleSection\":[\"Frontend\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/productive.io\/engineering\/keep-track-of-your-dependencies\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/productive.io\/engineering\/keep-track-of-your-dependencies\/\",\"url\":\"https:\/\/productive.io\/engineering\/keep-track-of-your-dependencies\/\",\"name\":\"Keep Track of Your Software\u2019s Third-Party Libraries - Building 
Productive\",\"isPartOf\":{\"@id\":\"https:\/\/productive.io\/engineering\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/productive.io\/engineering\/keep-track-of-your-dependencies\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/productive.io\/engineering\/keep-track-of-your-dependencies\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/website-assets.productive.io\/uploads\/sites\/2\/2023\/03\/keep-track-of-your-dependencies.webp\",\"datePublished\":\"2026-01-30T09:55:32+00:00\",\"author\":{\"@id\":\"https:\/\/productive.io\/engineering\/#\/schema\/person\/e284c887d48ef8811062b28036d13d15\"},\"description\":\"Did you ever get caught up with a lot of non-updated dependencies and when you began updating them, you realized you missed a lot of things?\",\"breadcrumb\":{\"@id\":\"https:\/\/productive.io\/engineering\/keep-track-of-your-dependencies\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/productive.io\/engineering\/keep-track-of-your-dependencies\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/productive.io\/engineering\/keep-track-of-your-dependencies\/#primaryimage\",\"url\":\"https:\/\/website-assets.productive.io\/uploads\/sites\/2\/2023\/03\/keep-track-of-your-dependencies.webp\",\"contentUrl\":\"https:\/\/website-assets.productive.io\/uploads\/sites\/2\/2023\/03\/keep-track-of-your-dependencies.webp\",\"width\":1900,\"height\":796},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/productive.io\/engineering\/keep-track-of-your-dependencies\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/productive.io\/engineering\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Keep Track of Your Software\u2019s Third-Party Libraries\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/productive.io\/engineering\/#website\",\"url\":\"https:\/\/productive.io\/engineering\/\",\"name\":\"Building 
Productive\",\"description\":\"Just another Productive Sites site\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/productive.io\/engineering\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/productive.io\/engineering\/#\/schema\/person\/e284c887d48ef8811062b28036d13d15\",\"name\":\"Antonio Bajivi\u0107\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/10026e31a1961cf3c469227176aa35586ec43954a84b346cab75b09c8cce8c26?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/10026e31a1961cf3c469227176aa35586ec43954a84b346cab75b09c8cce8c26?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/10026e31a1961cf3c469227176aa35586ec43954a84b346cab75b09c8cce8c26?s=96&d=mm&r=g\",\"caption\":\"Antonio Bajivi\u0107\"},\"description\":\"Working in web development and having fun with electronics brings me joy. In my free time, I mix working out, socializing, and reading.\",\"honorificPrefix\":\"Mr\",\"honorificSuffix\":\"MD\",\"birthDate\":\"1997-07-11\",\"gender\":\"male\",\"jobTitle\":\"Frontend Engineer\",\"url\":\"https:\/\/productive.io\/engineering\/author\/antoniobajivic1\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. 
-->","yoast_head_json":{"title":"Keep Track of Your Software\u2019s Third-Party Libraries - Building Productive","description":"Did you ever get caught up with a lot of non-updated dependencies and when you began updating them, you realized you missed a lot of things?","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/productive.io\/engineering\/keep-track-of-your-dependencies\/","og_locale":"en_US","og_type":"article","og_title":"Keep Track of Your Software\u2019s Third-Party Libraries","og_description":"Did you ever get caught up with a lot of non-updated dependencies and when you began updating them, you realized you missed a lot of things?","og_url":"https:\/\/productive.io\/engineering\/keep-track-of-your-dependencies\/","og_site_name":"Building Productive","article_published_time":"2026-01-30T09:55:32+00:00","og_image":[{"width":1900,"height":796,"url":"https:\/\/website-assets.productive.io\/uploads\/sites\/2\/2023\/03\/keep-track-of-your-dependencies.webp","type":"image\/webp"}],"author":"Antonio Bajivi\u0107","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Antonio Bajivi\u0107","Est. 
reading time":"12 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/productive.io\/engineering\/keep-track-of-your-dependencies\/#article","isPartOf":{"@id":"https:\/\/productive.io\/engineering\/keep-track-of-your-dependencies\/"},"author":{"name":"Antonio Bajivi\u0107","@id":"https:\/\/productive.io\/engineering\/#\/schema\/person\/e284c887d48ef8811062b28036d13d15"},"headline":"Keep Track of Your Software\u2019s Third-Party Libraries","datePublished":"2026-01-30T09:55:32+00:00","mainEntityOfPage":{"@id":"https:\/\/productive.io\/engineering\/keep-track-of-your-dependencies\/"},"wordCount":8,"commentCount":0,"image":{"@id":"https:\/\/productive.io\/engineering\/keep-track-of-your-dependencies\/#primaryimage"},"thumbnailUrl":"https:\/\/website-assets.productive.io\/uploads\/sites\/2\/2023\/03\/keep-track-of-your-dependencies.webp","articleSection":["Frontend"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/productive.io\/engineering\/keep-track-of-your-dependencies\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/productive.io\/engineering\/keep-track-of-your-dependencies\/","url":"https:\/\/productive.io\/engineering\/keep-track-of-your-dependencies\/","name":"Keep Track of Your Software\u2019s Third-Party Libraries - Building Productive","isPartOf":{"@id":"https:\/\/productive.io\/engineering\/#website"},"primaryImageOfPage":{"@id":"https:\/\/productive.io\/engineering\/keep-track-of-your-dependencies\/#primaryimage"},"image":{"@id":"https:\/\/productive.io\/engineering\/keep-track-of-your-dependencies\/#primaryimage"},"thumbnailUrl":"https:\/\/website-assets.productive.io\/uploads\/sites\/2\/2023\/03\/keep-track-of-your-dependencies.webp","datePublished":"2026-01-30T09:55:32+00:00","author":{"@id":"https:\/\/productive.io\/engineering\/#\/schema\/person\/e284c887d48ef8811062b28036d13d15"},"description":"Did you ever get caught up with a lot of non-updated 
dependencies and when you began updating them, you realized you missed a lot of things?","breadcrumb":{"@id":"https:\/\/productive.io\/engineering\/keep-track-of-your-dependencies\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/productive.io\/engineering\/keep-track-of-your-dependencies\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/productive.io\/engineering\/keep-track-of-your-dependencies\/#primaryimage","url":"https:\/\/website-assets.productive.io\/uploads\/sites\/2\/2023\/03\/keep-track-of-your-dependencies.webp","contentUrl":"https:\/\/website-assets.productive.io\/uploads\/sites\/2\/2023\/03\/keep-track-of-your-dependencies.webp","width":1900,"height":796},{"@type":"BreadcrumbList","@id":"https:\/\/productive.io\/engineering\/keep-track-of-your-dependencies\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/productive.io\/engineering\/"},{"@type":"ListItem","position":2,"name":"Keep Track of Your Software\u2019s Third-Party Libraries"}]},{"@type":"WebSite","@id":"https:\/\/productive.io\/engineering\/#website","url":"https:\/\/productive.io\/engineering\/","name":"Building Productive","description":"Just another Productive Sites site","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/productive.io\/engineering\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/productive.io\/engineering\/#\/schema\/person\/e284c887d48ef8811062b28036d13d15","name":"Antonio 
Bajivi\u0107","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/10026e31a1961cf3c469227176aa35586ec43954a84b346cab75b09c8cce8c26?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/10026e31a1961cf3c469227176aa35586ec43954a84b346cab75b09c8cce8c26?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/10026e31a1961cf3c469227176aa35586ec43954a84b346cab75b09c8cce8c26?s=96&d=mm&r=g","caption":"Antonio Bajivi\u0107"},"description":"Working in web development and having fun with electronics brings me joy. In my free time, I mix working out, socializing, and reading.","honorificPrefix":"Mr","honorificSuffix":"MD","birthDate":"1997-07-11","gender":"male","jobTitle":"Frontend Engineer","url":"https:\/\/productive.io\/engineering\/author\/antoniobajivic1\/"}]}},"featured_image":"https:\/\/website-assets.productive.io\/uploads\/sites\/2\/2023\/03\/keep-track-of-your-dependencies.webp","category":"Frontend","_links":{"self":[{"href":"https:\/\/productive.io\/engineering\/wp-json\/wp\/v2\/posts\/549","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/productive.io\/engineering\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/productive.io\/engineering\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/productive.io\/engineering\/wp-json\/wp\/v2\/users\/46"}],"replies":[{"embeddable":true,"href":"https:\/\/productive.io\/engineering\/wp-json\/wp\/v2\/comments?post=549"}],"version-history":[{"count":9,"href":"https:\/\/productive.io\/engineering\/wp-json\/wp\/v2\/posts\/549\/revisions"}],"predecessor-version":[{"id":826,"href":"https:\/\/productive.io\/engineering\/wp-json\/wp\/v2\/posts\/549\/revisions\/826"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/productive.io\/engineering\/wp-json\/wp\/v2\/media\/727"}],"wp:attachment":[{"href":"https:\/\/productive.io\/engineering\/wp-json\/wp\/v2\/media?parent=549"}],"wp:term":[{"taxonomy":"category","embe
ddable":true,"href":"https:\/\/productive.io\/engineering\/wp-json\/wp\/v2\/categories?post=549"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/productive.io\/engineering\/wp-json\/wp\/v2\/tags?post=549"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}