# What Dependencies Are Allowed in AI Engineering from Scratch and Why > Discover allowed dependencies in AI Engineering from Scratch lessons. Learn core math and algorithms without large frameworks. Focus on numpy torch hono zod and standard libraries for deeper understanding. - Repository: [Rohit Ghumare/ai-engineering-from-scratch](https://github.com/rohitg00/ai-engineering-from-scratch) - Tags: best-practices - Published: 2026-06-07 --- **AI Engineering from Scratch restricts lesson code to a small, language-specific allow-list of core libraries—such as `numpy` and `torch` for Python, `hono` and `zod` for TypeScript, and the standard library only for Rust—so students learn the underlying math and algorithms without hiding mechanics behind large frameworks.** The `rohitg00/ai-engineering-from-scratch` curriculum follows a strict **stdlib-first** philosophy. Every lesson is designed to teach the fundamentals of AI algorithms by exposing the mathematics inside tensors, forward passes, and back-propagation rather than wrapping them in high-level APIs. To protect that focus, the repository maintains a concise dependency allow-list in [`AGENTS.md`](https://github.com/rohitg00/ai-engineering-from-scratch/blob/main/AGENTS.md) (lines 52–58) and enforces it through automated CI checks. ## Python Dependencies Allowed in AI Engineering from Scratch ### Approved Python Packages and Rationale According to the source code, Python lessons may import only **`numpy`**, **`torch`**, **`h5py`**, **`zstandard`**, **`safetensors`**, and the **Python stdlib**. These external libraries are permitted because they provide the minimal primitives needed to implement the mathematics of tensors, neural-network forward and backward propagation, data loading, and model serialization. The maintainers chose this set deliberately. Each package is mature, well-documented, and keeps lessons concise while still forcing students to work directly with linear-algebra operations. Because higher-level frameworks like `tensorflow` or `sklearn` are excluded, learners must write activation functions, loss gradients, and layer logic by hand. ```python import numpy as np def relu(x: np.ndarray) -> np.ndarray: """Apply ReLU element-wise.""" return np.maximum(0, x) def forward(weights: np.ndarray, bias: np.ndarray, x: np.ndarray) -> np.ndarray: """Simple linear layer + ReLU.""" z = weights @ x + bias return relu(z) ``` ## TypeScript Dependencies Allowed in AI Engineering from Scratch ### Approved TypeScript Packages and Rationale TypeScript lessons are limited to **`hono`**, **`zod`**, **`ws`** (only when WebSockets are explicitly required), **`@hono/node-server`**, and the **Node 20+ stdlib**. As implemented in `rohitg00/ai-engineering-from-scratch`, `hono` supplies a tiny HTTP server for inference-API demonstrations, while `zod` adds type-safe validation without dragging in a heavyweight framework. The `ws` module is gated behind a specific use-case requirement: it may appear only in lessons that explicitly teach WebSocket-based streaming. Every other TypeScript file is expected to rely on the native Node runtime, reinforcing familiarity with the language’s own APIs and keeping the environment lightweight. ```typescript import { Hono } from "hono"; import { z } from "zod"; const app = new Hono(); const InputSchema = z.object({ prompt: z.string().min(1), }); app.post("/infer", async (c) => { const body = await c.req.json(); const parsed = InputSchema.safeParse(body); if (!parsed.success) return c.json({ error: "Invalid payload" }, 400); // Dummy inference – the real lesson would call a pure-TS model implementation. return c.json({ answer: `You said: ${parsed.data.prompt}` }); }); ``` ## Rust and Julia Dependency Rules ### Rust Stdlib-Only Policy Rust lessons are **stdlib only** and compiled as a single file with `rustc --edition 2021`. No external crates are permitted. This restriction ensures students confront low-level memory management and algorithmic implementation directly. Because crates like `ndarray` or `burn` are disallowed, nothing obscures the learning goals of manual tensor indexing and pointer logic. ```rust use std::io::{self, Write}; fn relu(x: f64) -> f64 { if x > 0.0 { x } else { 0.0 } } fn main() { let weight = 1.5; let bias = 0.2; let input = 2.0; let linear = weight * input + bias; let output = relu(linear); println!("Output: {}", output); } ``` ### Julia Standard Library Modules Julia lessons rely exclusively on **`Random`**, **`Statistics`**, **`LinearAlgebra`**, and **`Printf`**—all of which are part of the Julia standard library. These modules already cover random number generation, statistical functions, linear-algebra operations, and formatted output. Consequently, the curriculum does not need any third-party packages to run its numeric experiments. ```julia using LinearAlgebra, Random function relu(x) max.(0, x) end W = randn(3, 3) b = randn(3) x = randn(3) y = relu(W * x .+ b) println(y) ``` ## Why the AI Engineering from Scratch Dependency Allow-List Is Strict The narrow dependency policy serves four educational goals: - **Educational clarity** – By limiting external code, students see exactly *how* each operation is performed rather than assuming it works magically inside a large framework. - **Portability** – Lessons can be executed in minimal environments, such as a fresh virtualenv or a clean Node project, without pulling a long dependency tree. - **Reproducibility** – Fewer third-party components reduce version-lock and compatibility issues across different machines or CI runners. - **Focus on algorithmic thinking** – The approved packages expose only mathematical primitives—tensors, linear algebra, and data I/O—needed to implement back-propagation, attention mechanisms, and tokenization without the distraction of higher-level APIs. ## How the Repository Enforces the Dependency Allow-List Compliance is not optional. If a contributor imports a library outside the approved set, the CI audit script [`scripts/audit_lessons.py`](https://github.com/rohitg00/ai-engineering-from-scratch/blob/main/scripts/audit_lessons.py) detects the violation and flags the build, asking the author to replace the disallowed import with a stdlib-only solution or an approved package. The script audits every lesson file against the canonical rules defined in [`AGENTS.md`](https://github.com/rohitg00/ai-engineering-from-scratch/blob/main/AGENTS.md), citing the principle that every contribution must stay "stdlib-first for educational clarity." Example lessons in paths such as [`phases/02-linear-algebra/01-vector-addition/code/main.py`](https://github.com/rohitg00/ai-engineering-from-scratch/blob/main/phases/02-linear-algebra/01-vector-addition/code/main.py) demonstrate the expected style in practice. ## Summary - **AI Engineering from Scratch** maintains a strict, per-language allow-list so lessons remain stdlib-first and educationally transparent. - **Python** may use `numpy`, `torch`, `h5py`, `zstandard`, `safetensors`, and stdlib modules only. - **TypeScript** may use `hono`, `zod`, `ws` (when WebSockets are required), `@hono/node-server`, and Node 20+ stdlib. - **Rust** is limited to a single-file, stdlib-only build with `rustc --edition 2021`. - **Julia** draws on stdlib modules such as `LinearAlgebra` and `Random` with no external packages. - Violations are caught automatically by [`scripts/audit_lessons.py`](https://github.com/rohitg00/ai-engineering-from-scratch/blob/main/scripts/audit_lessons.py), which references the canonical rules in [`AGENTS.md`](https://github.com/rohitg00/ai-engineering-from-scratch/blob/main/AGENTS.md). ## Frequently Asked Questions ### Why does AI Engineering from Scratch ban most external libraries? The curriculum is deliberately **stdlib-first** so that students learn the mechanics of forward propagation, back-propagation, and tensor math directly. Large frameworks would hide those details behind black-box APIs, defeating the pedagogical purpose of the repository. ### What happens if a lesson uses a dependency not on the allow-list? The continuous integration script [`scripts/audit_lessons.py`](https://github.com/rohitg00/ai-engineering-from-scratch/blob/main/scripts/audit_lessons.py) detects the unapproved import and flags the pull request. The contributor must then replace the disallowed library with an stdlib-only solution or one of the specifically approved packages. ### Is PyTorch the only deep-learning framework allowed in the curriculum? Yes. Among deep-learning stacks, only **`torch`** appears on the Python allow-list in [`AGENTS.md`](https://github.com/rohitg00/ai-engineering-from-scratch/blob/main/AGENTS.md). It is permitted because it provides the low-level tensor and autograd primitives necessary for neural-network lessons while still requiring students to build higher-level architectures themselves. ### Why is Rust limited to stdlib only while Python can use numpy? Rust lessons aim to teach low-level memory management and algorithmic implementation in a single file compiled with `rustc --edition 2021`. External crates would abstract away ownership, borrowing, and raw indexing details that the curriculum wants to expose. Python, by contrast, needs `numpy` and `torch` to supply efficient tensor operations while the lesson code still defines every layer and activation function explicitly.