{"title":"Agent Environment & Dependency Management","region":"Global","category":"Engineering","description":"Securing the software supply chain and runtime dependencies for autonomous agents.","lastUpdated":"2026-02-27","steps":["Pin all Python/Node dependencies to exact versions using lockfiles.","Enforce hash-based verification for all third-party package installs.","Scan dependencies for known CVEs at build time using tools like Snyk or Grype.","Isolate agent runtimes using virtual environments (venv/conda) or Nix.","Use a private registry for internal 'Agent Skills' or tool-definitions.","Audit 'Indirect Dependencies'—the packages your packages depend on."],"url":"https://checklist.day/agent-dependency-integrity"}