Python dependencies are the external packages or modules a project imports in order to run, test, or build. They are usually installed from a package index such as PyPI or pulled in by build tools, and they include both the direct requirements a project declares and the transitive packages those requirements pull in, which together form the dependency tree.
They matter for security because every dependency becomes part of the trusted code path: once installed, its code runs with the same privileges as the project's own code, and some of it runs at install time (a package's setup.py executes during installation). Attackers abuse that trust by hiding malicious logic in a package, in a build step, or in a transitive dependency several levels down, so a harmless-looking proof-of-concept repository can become a malware delivery vehicle. Defenders reduce this risk by reviewing lockfiles and manifests, pinning exact versions together with artifact hashes, scanning packages before use, and running untrusted code in isolated environments that hold no sensitive tokens or keys.
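The manifest review described above, as an added example that is not code from the original page: a small auditor for a requirements.txt that flags requirements without an exact pin, exact pins without a `--hash`, direct URL or VCS references, and pip options that change where packages come from or whether TLS is verified. The sample file, its package names, URLs and digests are constructed placeholders, not real projects or real hashes; `audit_requirements` and `Finding` are names chosen for this example.

```python
import re
from dataclasses import dataclass

# Constructed sample requirements.txt. Package names, URLs and digests are
# placeholders invented for this example, not real projects or real hashes.
SAMPLE_REQUIREMENTS = """\
# pinned and hash-locked: pip --require-hashes refuses any other artifact
httpclientlib==3.1.0 \\
    --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000 \\
    --hash=sha256:1111111111111111111111111111111111111111111111111111111111111111
jsonfastlib==2.0.4            # pinned, but nothing verifies the downloaded file
yamlparserlib>=6.0            # floor only: whatever is newest at install time wins
cryptohelper                  # no constraint at all
git+https://github.com/example/somepkg.git@main#egg=somepkg
--extra-index-url https://pypi.example.internal/simple
internal-tool==1.4.0 \\
    --hash=sha256:2222222222222222222222222222222222222222222222222222222222222222
"""

# name, optional [extras], then the version specifier (PEP 508 subset)
REQ_RE = re.compile(r"^([A-Za-z0-9](?:[A-Za-z0-9._-]*[A-Za-z0-9])?)\s*(\[[^\]]*\])?\s*(.*)$")

# pip options that change where packages come from or how they are verified
RISKY_OPTIONS = {
    "--extra-index-url": "extra index: a same-named public package can win the "
                         "version race (dependency confusion)",
    "--index-url": "index replaced: confirm this is the intended mirror",
    "-i": "index replaced: confirm this is the intended mirror",
    "--trusted-host": "TLS verification disabled for this host",
    "-e": "editable install from unpinned source",
    "--editable": "editable install from unpinned source",
}


@dataclass
class Finding:
    line: int          # first physical line of the requirement
    requirement: str   # the logical line (continuations joined)
    issue: str


def _logical_lines(text):
    """Yield (first_line_no, text) with comments stripped and backslash continuations joined."""
    buf, start = [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        stripped = raw.strip()
        if stripped.startswith("#"):
            stripped = ""
        else:  # pip treats whitespace + '#' as a comment; '#egg=' inside a URL is kept
            stripped = re.split(r"\s+#", stripped, maxsplit=1)[0].strip()
        if start is None:
            start = lineno
        if stripped.endswith("\\"):
            buf.append(stripped[:-1].strip())
            continue
        buf.append(stripped)
        joined = " ".join(part for part in buf if part)
        if joined:
            yield start, joined
        buf, start = [], None
    leftover = " ".join(part for part in buf if part)  # file ending in a backslash
    if leftover:
        yield start, leftover


def audit_requirements(text):
    """Return Findings for a requirements.txt body. An empty list means every
    requirement is an exact pin with at least one --hash and no risky options."""
    findings = []
    for lineno, line in _logical_lines(text):
        first = line.split(None, 1)[0]
        if first in RISKY_OPTIONS:
            findings.append(Finding(lineno, line, RISKY_OPTIONS[first]))
            continue
        if first.startswith("-"):
            continue  # -r, -c, --no-binary ...: not audited here
        if "://" in line or line.startswith(("git+", "hg+", "svn+", "bzr+")):
            findings.append(Finding(lineno, line, "direct URL/VCS reference: no hash, "
                                    "and a branch name is a moving target"))
            continue
        tokens = line.split()
        hashes = [t for t in tokens if t.startswith("--hash=")]
        spec = " ".join(t for t in tokens if not t.startswith("--"))
        match = REQ_RE.match(spec)
        if not match:
            findings.append(Finding(lineno, line, "unparseable requirement"))
            continue
        name, _extras, version = match.groups()
        version = version.split(";", 1)[0].strip()  # drop environment markers
        if not version.startswith("=="):
            findings.append(Finding(lineno, name,
                                    f"not pinned to an exact version (spec: {version or 'any'})"))
        elif not hashes:
            findings.append(Finding(lineno, name,
                                    "exact pin without --hash: the downloaded artifact is not verified"))
    return findings


if __name__ == "__main__":
    for f in audit_requirements(SAMPLE_REQUIREMENTS):
        print(f"line {f.line}: {f.requirement}: {f.issue}")
```

Run against the sample, the auditor reports lines 5 through 9 and stays silent on the two hash-locked entries. Note that `internal-tool` sits below an `--extra-index-url` line, which is exactly the dependency-confusion setup, yet it is not flagged: with an exact pin and a recorded digest, a same-named package from the public index cannot satisfy the hash, so installing with `pip install --require-hashes -r requirements.txt` fails closed instead of silently pulling the attacker's copy.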