Mendral argues that traditional dependency update practices have become dangerous in the era of supply chain attacks and AI-generated code, proposing a new approach treating dependencies as untrusted contributions.
The software development world is facing a fundamental shift in how we manage dependencies, with Mendral at the forefront of challenging long-held practices. In a thought-provoking article, the company posits that the old mantra of 'always keep dependencies updated' has not only become outdated but potentially dangerous in today's threat landscape.
"The old operating model was indeed fine in a much smaller, simpler tech world," explains the author, reflecting on the evolution from the 90s sysadmin era to today's complex supply chains. "In a more controlled and siloed environment, where you would depend on a handful of formally defined vendors that you could manually vet."
The exponential growth of open-source ecosystems has fundamentally changed this equation. What began as a security advantage—community-driven scrutiny—has become a liability as maintainers are often overworked and understaffed while their dependencies underpin most software in existence.
"The first 'realization', probably mid 2010s: open-source maintainers are not just free labor, they are also overworked, under-equipped, wildly understaffed, and just as competent or incompetent as anyone else," the article states.
This has led to what Mendral identifies as a critical turning point: the shift from supply chain vulnerability to supply chain compromise. Rather than finding existing vulnerabilities, attackers now find it easier to compromise developer accounts or tools and ship weaponized versions of dependencies.
"If 'the supply chain' is just (mostly) blindly trusted by about everyone without any actually useful verification, why even try to find an existing vulnerability in one of the links when it is much easier and cheaper to compromise developer accounts (or tools) and just ship a weaponized version of it?"
The situation has been exacerbated by the rise of AI coding agents, which have overwhelmed the last remaining human safety guardrail: code review.
"Whether AI does make senior engineers more (or less) productive is debated, but there is no denying that the last standing, already frail, human safety guardrail, the good old code review, has been trampled and overrun," the author explains. "Reputable, professional companies are now looking at fully automating SDLC, by letting agents merge other agents' code without human intervention."
Mendral argues that humans can no longer effectively manage modern software supply chain security, and traditional automated update tools have become harmful.
"Blind installation and blind updating dependencies continuously (à la Dependabot), as a least-worse solution, just blew out of the train already, becoming the number one vector of distribution for highly publicized supply chain compromises in the past 12 months," the article contends. "'Latest' must die. Soft tags must die. Unpinned version ranges must die."
The core insight Mendral presents is that dependency updates should be treated as untrusted code contributions.
"When your project receives a pull-request, it is (should be) thoroughly reviewed and verified before merging. But then, a dependency gets updated, and we just hit merge? Where does that make any sense exactly? How is a legitimately well-intentioned contributor to your project (possibly an employee) any more suspicious than anything coming from another GitHub project you do not control or actually know anything about?"
To address this challenge, Mendral is building a system that operates within CI environments to thoroughly review dependency updates. The system connects threat information, production event logs, source code, historical CI logs, and custom signals alongside secure sandbox environments.
"The system we are building at Mendral lives inside the CI. It connects threat information, production event logs, source code, historical CI logs, and any custom signals you want to add, alongside secure sandbox environments and a set of dedicated tools," the article explains.
When a dependency update PR lands, the agent first screens it for known issues such as typo-squatting or malware, then decides how much scrutiny the change warrants from signals such as how recently the requested version was published. Once that scrutiny level crosses a threshold, the agent spins up a secure sandbox and inspects the package for markers of compromise.
"The same loop runs for known vulnerabilities. Every raw CVE is evaluated for reachability and blast radius in the context of the specific repository branch carrying the offending dependency. The operator gets an alert that actually answers 'is our product affected?' and 'if yes, how bad is it in our context?'"
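As an added illustration of the review loop described in the two passages above (this is not Mendral's code, whose internals the article does not show), the Python script below scores a dependency-update pull request on the signals the text names: a soft or unpinned version spec of the kind the article says "must die", a version published only days ago, and a package name one edit away from a popular one. It then runs the same loop for a known vulnerability, checking whether the installed version falls inside the affected range and whether any file in the repository imports the package and references the vulnerable symbol, so the answer is "affected and reachable", "affected but not reachable" or "not affected" rather than a raw CVE. The registry timestamps, the popular-package list, the advisory (`CVE-0000-0000`, hypothetical) and the three repository files are constructed inline so the script runs offline; the package `examplelib`, the symbol `unsafeParse`, the scoring weights and the sandbox threshold are assumptions for the example, not Mendral's.

```python
"""CI gate for dependency-update PRs and CVE reachability (added illustration, not Mendral's code).
All external-looking data is constructed inline so the script runs offline: registry publish
times, the popular-package list, a hypothetical advisory and three repository source files."""
from __future__ import annotations
import re
from datetime import datetime, timezone

NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)  # constructed "today"
REGISTRY = {  # constructed stand-in for registry publish timestamps
    "lodash": {"4.17.21": "2021-02-20T00:00:00Z", "4.17.22": "2025-05-31T11:00:00Z"},
    "lodahs": {"1.0.0": "2025-05-30T09:00:00Z"},
}
POPULAR = {"lodash", "express", "react", "axios", "chalk"}  # constructed allowlist

def spec_kind(spec: str) -> str:
    """'pinned' only for an exact x.y.z; 'latest', '*', ^, ~ and ranges are all 'soft'."""
    return "pinned" if re.fullmatch(r"\d+\.\d+\.\d+", spec) else "soft"

def age_days(name: str, version: str) -> float | None:
    """Days since publication, or None when the registry snapshot has no record of it."""
    ts = REGISTRY.get(name, {}).get(version)
    if ts is None:
        return None
    return (NOW - datetime.fromisoformat(ts.replace("Z", "+00:00"))).total_seconds() / 86400

def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute or swap adjacent chars."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + (a[i - 1] != b[j - 1]))
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition, the typosquat classic
    return d[-1][-1]

def typosquat_candidates(name: str) -> list[str]:
    """Popular names within one edit of the requested name (the name itself excluded)."""
    return sorted(p for p in POPULAR if p != name and edit_distance(name, p) <= 1)

def scrutiny(name: str, spec: str, resolved: str, sandbox_threshold: int = 3) -> dict:
    """Score an update PR; crossing the threshold means a sandbox inspection is due."""
    score, reasons = 0, []
    if spec_kind(spec) == "soft":
        score += 1
        reasons.append(f"soft version spec {spec!r}")
    age = age_days(name, resolved)
    if age is None:
        score += 2
        reasons.append("resolved version unknown to registry snapshot")
    elif age < 7:
        score += 2
        reasons.append(f"published {age:.1f} days ago")
    squats = typosquat_candidates(name)
    if squats:
        score += 3
        reasons.append(f"name within one edit of {squats}")
    return {"score": score, "reasons": reasons, "sandbox": score >= sandbox_threshold}

_v = lambda s: tuple(int(x) for x in s.split("."))  # "2.3.1" -> (2, 3, 1) for ordered comparison

def in_range(version: str, affected: str) -> bool:
    """True when every clause of a space-separated range such as '>=2.0.0 <2.3.1' holds."""
    ops = {">=": lambda a, b: a >= b, ">": lambda a, b: a > b, "<=": lambda a, b: a <= b,
           "<": lambda a, b: a < b, "=": lambda a, b: a == b}
    for clause in affected.split():
        m = re.fullmatch(r"(>=|<=|>|<|=)(\d+\.\d+\.\d+)", clause)
        if not m or not ops[m.group(1)](_v(version), _v(m.group(2))):
            return False
    return True

def reachable(sources: dict[str, str], package: str, symbols: set[str]) -> list[str]:
    """Files that import the package and mention a vulnerable symbol (a cheap proxy for reachability)."""
    imports = re.compile(r"""(?:require\(|from\s+)['"]%s['"]""" % re.escape(package))
    return sorted(path for path, text in sources.items()
                  if imports.search(text) and any(re.search(rf"\b{re.escape(s)}\b", text) for s in symbols))

def cve_verdict(installed: str, cve: dict, sources: dict[str, str]) -> dict:
    """Answer 'is our product affected?' and 'how bad is it in our context?' for one branch."""
    affected = in_range(installed, cve["affected"])
    hits = reachable(sources, cve["package"], cve["symbols"]) if affected else []
    return {"affected_version": affected, "reachable_in": hits,
            "severity_in_context": "high" if hits else ("low" if affected else "none")}

# Constructed inputs: a hypothetical advisory (not a real CVE) and three repository files.
CVE = {"id": "CVE-0000-0000 (hypothetical)", "package": "examplelib",
       "affected": ">=2.0.0 <2.3.1", "symbols": {"unsafeParse"}}
SOURCES = {
    "src/api.js": "const { unsafeParse } = require('examplelib');\nmodule.exports = s => unsafeParse(s);\n",
    "src/util.js": "import { safeParse } from 'examplelib';\nexport const f = safeParse;\n",
    "src/other.js": "export const g = x => x;\n",
}

if __name__ == "__main__":
    print(scrutiny("lodash", "^4.17.21", "4.17.22"))  # day-old release behind a caret range
    print(scrutiny("lodahs", "1.0.0", "1.0.0"))        # one transposition away from lodash
    print(cve_verdict("2.2.0", CVE, SOURCES))           # affected, and reachable via src/api.js
```

In a real pipeline the registry snapshot would come from the package registry's metadata API, the advisory from an SCA feed, and the import scan would give way to a call-graph or sandbox trace; the scoring shape stays the same, and the pinned-versus-soft check is the cheapest signal to enforce today.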
Mendral acknowledges that AI alone isn't a magic solution, but argues it excels at the mechanical, repetitive aspects of dependency review that humans tend to skim over.
"AI is not a magic wand and (at least for now) cannot outperform the best humans. Mendral cannot and will not tell you 'you are safe'. Nobody can. But AI is good at the mechanical, repetitive, exhausting parts: reading every diff of every dependency instead of skimming, checking changelogs for accuracy against actual changes, cross-referencing diffs against known compromise patterns, comparing a release against the previous N for behavioral drift."
The article concludes with a clear call to action: "You should not update your dependencies the way you currently do. Not by hand, because you cannot keep up. Not by Dependabot, because Dependabot is now the attack vector. Not by trusting 'I have used this library for years', because the library is one phished maintainer away from shipping you a cryptominer. Dependencies are untrusted contributions. Treat them as such."
Mendral is shipping the first version of this system in their next platform release, signaling a fundamental shift in how the industry approaches dependency management in an increasingly complex threat landscape.
For more information about Mendral's approach, you can visit their official website and read the full article here.