Due Diligence & Software
Transitive Dependency
A dependency your software inherits indirectly -- you depend on library A, which depends on library B, which depends on library C. You never chose to include C, but it's running in your product. Transitive dependencies are where most supply chain risk hides: they're easy to overlook, hard to audit, and frequently maintained by a single volunteer. A typical Node.js application can have thousands of transitive dependencies.
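The A, B, C chain described above can be read straight out of an npm lockfile. The Node.js script below is an added example, not part of the original entry: it walks the `packages` map of a lockfile (lockfileVersion 2 or 3) and separates direct from transitive packages, recording the chain that pulls each one in. The lockfile contents, the package names `lib-a`, `lib-b`, `lib-c`, and the function names `resolve` and `classify` are constructed for illustration; peer dependencies are not followed.

```javascript
// Constructed sample lockfile; package names are hypothetical.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "my-app", dependencies: { "lib-a": "^1.0.0" } },
    "node_modules/lib-a": { version: "1.2.0", dependencies: { "lib-b": "^2.0.0" } },
    "node_modules/lib-b": { version: "2.1.0", dependencies: { "lib-c": "^0.3.0" } },
    "node_modules/lib-c": { version: "0.3.4" },
  },
};

// Mimic Node's lookup: try the requiring package's own node_modules first,
// then each ancestor's, ending at the top-level node_modules.
function resolve(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (Object.prototype.hasOwnProperty.call(packages, candidate)) return candidate;
    if (base === "") return null; // declared but not installed (e.g. optional)
    const cut = base.lastIndexOf("/node_modules/");
    base = cut === -1 ? "" : base.slice(0, cut);
  }
}

// Breadth-first walk from the root project, so each package gets its shortest chain.
function classify(lock) {
  const packages = lock.packages || {};
  const chains = new Map([["", []]]); // install path -> chain of name@version
  const queue = [""];
  while (queue.length) {
    const path = queue.shift();
    const pkg = packages[path] || {};
    const declared = { ...pkg.dependencies, ...pkg.optionalDependencies,
      ...(path === "" ? pkg.devDependencies : {}) };
    for (const name of Object.keys(declared)) {
      const target = resolve(packages, path, name);
      if (target === null || chains.has(target)) continue;
      chains.set(target, [...chains.get(path), `${name}@${packages[target].version}`]);
      queue.push(target);
    }
  }
  const direct = [], transitive = [];
  for (const [path, chain] of chains) {
    if (path === "") continue;
    (chain.length === 1 ? direct : transitive).push(chain.join(" -> "));
  }
  return { direct, transitive };
}

console.log(classify(sampleLock));
```

To run it against a real project, replace `sampleLock` with `JSON.parse(require("fs").readFileSync("package-lock.json", "utf8"))`.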