B2B Commerce Cloud supports a standard set of third-party libraries that fulfill common requirements such as SFTP and XML parsing. By standardizing on a finite set of libraries, Optimizely mitigates the risk of binary incompatibility from conflicting libraries and reduces the security risk of unsupported libraries. With that in mind, packages outside the "allowedLibraries.txt" allow list should not be referenced by or included in any deployments to B2B Commerce Cloud.
To meet new requirements, periodic additions to this list are expected, and Optimizely welcomes suggestions on what new libraries to include. The following is the process for requesting that a package be added to the list:
- Review the allowedLibraries.json file from the insite-commerce-cloud Git repository. (At the time of writing, the file is saved to /src/tools/PowerShellScripts.)
- Confirm that the desired package is not in the whitelist, and that no other libraries listed there are a good substitute.
- Submit a support ticket requesting that the desired package be added to the whitelist, identifying the name and source of the package as well as the reasons for wanting to add the package. Please be aware that this review process takes about four weeks.
- Optimizely will evaluate the request based a few criteria, such as,
- The desired package is important to the success of the project
- None of the existing allowed packages meet the needed requirements
- The package appears to have sufficient backing as to be maintained and secure going forward
- The requirement is best met by a third party library rather than a base code change
- If approved, the change to the whitelist will be scheduled for release
Last updated: Dec 11, 2020