# Allowed and Banned Dependencies in AI Engineering From Scratch: Language-Specific Guide > Understand allowed and banned dependencies for AI Engineering From Scratch projects. Discover the strict stdlib-first policy and language-specific allow-lists to ensure compliant code. - Repository: [Rohit Ghumare/ai-engineering-from-scratch](https://github.com/rohitg00/ai-engineering-from-scratch) - Tags: best-practices - Published: 2026-06-05 --- **The AI Engineering From Scratch curriculum enforces a strict stdlib-first policy where each language maintains an explicit allow-list of third-party packages; any dependency not listed in [`AGENTS.md`](https://github.com/rohitg00/ai-engineering-from-scratch/blob/main/AGENTS.md) is banned and must be omitted with an explanatory comment.** The `rohitg00/ai-engineering-from-scratch` repository implements rigorous dependency constraints to ensure educational clarity and portability. All lesson code must adhere to the **allowed and banned dependencies** defined in the **AGENTS.md** file, which mandates a stdlib-first approach across Python, TypeScript, Rust, and Julia implementations. ## The Stdlib-First Policy and AGENTS.md The governing rules for allowed and banned dependencies are codified in [`AGENTS.md`](https://github.com/rohitg00/ai-engineering-from-scratch/blob/main/AGENTS.md) at the repository root. This file establishes that lesson implementations should minimize external dependencies to reduce cognitive load and dependency fragility. If a required package falls outside the explicit allow-list, contributors must skip the import and add a comment explaining the stdlib-first decision. ## Allowed Dependencies by Language Each supported language maintains specific permitted packages alongside its standard library. The following sections detail the exact allow-lists enforced in the codebase. ### Python Dependencies Python lessons may import from the standard library plus five specific scientific-computing packages. According to [`AGENTS.md`](https://github.com/rohitg00/ai-engineering-from-scratch/blob/main/AGENTS.md), the allowed third-party libraries are: - `numpy` - `torch` - `h5py` - `zstandard` - `safetensors` All other packages—including common data science tools like `pandas`, `scikit-learn`, or `requests`—are strictly prohibited. **Example using an allowed library:** ```python import numpy as np # ✅ allowed def l2_norm(v): return np.sqrt(np.sum(v ** 2)) print(l2_norm(np.array([3, 4]))) # → 5.0 ``` **Example of a banned import:** ```python # import pandas as pd # ❌ banned – staying stdlib-first for educational clarity. ``` ### TypeScript Dependencies TypeScript lessons target Node.js 20+ and permit only four specific npm packages beyond the standard library: - `hono` (lightweight web framework) - `zod` (validation) - `ws` (WebSockets only) - `@hono/node-server` Packages like `express`, `lodash`, or `axios` are banned. **Example using allowed packages:** ```typescript import { Hono } from 'hono'; // ✅ allowed import { z } from 'zod'; // ✅ allowed const app = new Hono(); const querySchema = z.object({ name: z.string() }); app.get('/greet', (c) => { const result = querySchema.safeParse(c.req.query()); if (!result.success) return c.text('Invalid query', 400); return c.text(`Hello, ${result.data.name}!`); }); export default app; ``` **Example of a banned import:** ```typescript // import express from 'express'; // ❌ banned – staying stdlib-first for educational clarity. ``` ### Rust Dependencies Rust implementations must compile as single-file programs using `rustc --edition 2021` with **no external crates**. The curriculum permits only the Rust standard library. Lessons cannot include [`Cargo.toml`](https://github.com/rohitg00/ai-engineering-from-scratch/blob/main/Cargo.toml) dependencies or external crate imports. **Example stdlib-only implementation:** ```rust // ✅ No external crates; only stdlib is used. fn fibonacci(n: u32) -> u64 { match n { 0 => 0, 1 => 1, _ => fibonacci(n - 1) + fibonacci(n - 2), } } fn main() { println!("fib(10) = {}", fibonacci(10)); } ``` ### Julia Dependencies Julia lessons are restricted to modules included in the standard library: - `Random` - `Statistics` - `LinearAlgebra` - `Printf` External packages such as `DataFrames.jl` or `Flux.jl` are banned. **Example using allowed stdlib modules:** ```julia using Random # ✅ allowed (stdlib) function random_vector(dim::Int) return randn(dim) end println(random_vector(5)) ``` **Example of a banned import:** ```julia # using DataFrames # ❌ banned – staying stdlib-first for educational clarity. ``` ## Handling Banned Dependencies When lesson logic might typically require a banned package, the contribution guidelines require explicit documentation. Instead of importing the prohibited dependency, developers must comment out the import and explain the stdlib-first constraint. The standard comment format is: ```python # stdlib-first: pandas is banned – staying stdlib-first for educational clarity. ``` This pattern appears in [`LESSON_TEMPLATE.md`](https://github.com/rohitg00/ai-engineering-from-scratch/blob/main/LESSON_TEMPLATE.md) and example code throughout the repository to maintain transparency about pedagogical constraints. ## Key Files Governing Dependency Rules Understanding the dependency structure requires examining several canonical files: - **[`AGENTS.md`](https://github.com/rohitg00/ai-engineering-from-scratch/blob/main/AGENTS.md)**: Defines the Dependencies table and stdlib-first mandate. - **[`LESSON_TEMPLATE.md`](https://github.com/rohitg00/ai-engineering-from-scratch/blob/main/LESSON_TEMPLATE.md)**: Provides scaffolding ensuring new lessons adhere to import restrictions. - **`phases/*/code/main.`**: Reference implementations demonstrating valid dependency usage (e.g., [`phases/01-foundations/01-hello-world/code/main.py`](https://github.com/rohitg00/ai-engineering-from-scratch/blob/main/phases/01-foundations/01-hello-world/code/main.py)). ## Summary - The repository enforces a strict **stdlib-first policy** across all lesson code in `rohitg00/ai-engineering-from-scratch`. - **[`AGENTS.md`](https://github.com/rohitg00/ai-engineering-from-scratch/blob/main/AGENTS.md)** serves as the canonical source for allowed and banned dependencies. - **Python** permits five specific libraries: `numpy`, `torch`, `h5py`, `zstandard`, and `safetensors`. - **TypeScript** allows `hono`, `zod`, `ws`, and `@hono/node-server` only. - **Rust** and **Julia** implementations must use standard library features exclusively. - Banned imports require commented explanations citing the stdlib-first policy. ## Frequently Asked Questions ### Where are the dependency rules documented in the repository? The definitive source is the **[`AGENTS.md`](https://github.com/rohitg00/ai-engineering-from-scratch/blob/main/AGENTS.md)** file in the repository root, specifically the Dependencies table. This document lists the explicit allow-lists for Python, TypeScript, Rust, and Julia, establishing the stdlib-first constraint that classifies all non-listed packages as banned. ### Can I use pandas or scikit-learn in Python lessons? No. While these are common in data science, they are **banned** under the current policy. Python lessons must rely on the standard library plus only `numpy`, `torch`, `h5py`, `zstandard`, and `safetensors`. If you encounter a scenario requiring `pandas`, you must implement the functionality using allowed libraries or skip the import with an explanatory comment. ### Why does the Rust curriculum forbid external crates? The Rust lessons are designed to compile as single-file programs using `rustc --edition 2021` without a [`Cargo.toml`](https://github.com/rohitg00/ai-engineering-from-scratch/blob/main/Cargo.toml). This constraint ensures maximum portability and focuses instruction on the Rust standard library's capabilities. External crates would introduce build complexity that contradicts the educational goal of understanding core language features. ### How should I handle a dependency that is not on the allow-list? When you need functionality typically provided by a banned package, you must omit the import and add a comment explaining the decision. The standard format is `# stdlib-first: [package] is banned – staying stdlib-first for educational clarity.` This documents the pedagogical constraint while keeping the code valid according to the repository's dependency rules.