A wrapper library is a package that sits on top of another library or service and exposes a simpler, framework-friendly interface. It translates calls from the application into the underlying API, often hiding setup details or adapting data formats. For example, a React wrapper around a charting engine lets developers add visualizations without dealing directly with the engine’s low-level configuration.
Wrapper libraries matter in cyber security because they can become high-leverage dependencies. If a wrapper is compromised, malicious code may run in applications, build jobs, or CI/CD pipelines even when the wrapped library itself is unchanged. Attackers target wrappers because they are often widely installed and trusted by developers. Defenders should pin versions, review package scripts, monitor install-time behavior, and verify publisher identity before updating a wrapper that sits in a sensitive path.
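
The version-pinning and package-script review recommended above can be automated. The sketch below is an added example, not code from the original page; it assumes an npm-style project, and the package names and manifests in it are constructed sample data.

```javascript
// Added example: function names and sample manifests are constructed for illustration.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"]; // npm runs these at install time
const EXACT_VERSION = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/;

// Return dependencies whose specifier is not a single exact version
// (ranges such as ^1.2.3, tags such as "latest", git or URL specifiers).
function findUnpinned(appManifest) {
  const findings = [];
  for (const field of ["dependencies", "devDependencies"]) {
    for (const [name, spec] of Object.entries(appManifest[field] || {})) {
      if (!EXACT_VERSION.test(spec)) findings.push({ name, spec, field });
    }
  }
  return findings;
}

// Return install-time lifecycle scripts declared by installed packages,
// so a reviewer can read each command before it is allowed to run.
function findInstallScripts(installedManifests) {
  const findings = [];
  for (const m of installedManifests) {
    for (const hook of INSTALL_HOOKS) {
      const command = m.scripts && m.scripts[hook];
      if (command) findings.push({ name: m.name, version: m.version, hook, command });
    }
  }
  return findings;
}

// Constructed sample: one app manifest and two installed package manifests.
const sampleApp = {
  dependencies: { "example-chart-wrapper": "^2.4.0", "example-chart-engine": "5.1.3" },
  devDependencies: { "example-build-helper": "latest" },
};
const sampleInstalled = [
  { name: "example-chart-wrapper", version: "2.4.1",
    scripts: { postinstall: "node setup.js", test: "node test.js" } },
  { name: "example-chart-engine", version: "5.1.3", scripts: { build: "node build.js" } },
];

function auditSample() {
  return { unpinned: findUnpinned(sampleApp), installScripts: findInstallScripts(sampleInstalled) };
}

console.log(JSON.stringify(auditSample(), null, 2));
```

On a real project, pass the parsed `package.json` to `findUnpinned` and the manifests of the installed packages to `findInstallScripts`, and review any new finding before accepting a wrapper update.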



