Tuesday 24 November 2015

To commit or not commit NPM deps?

My company is pushing me to start committing our NPM deps to our project's git repo. I strongly dislike this idea for many reasons but there's one point I can't argue:

While we can control which specific versions we list as dependencies, those libraries can still be generic as to the versions they depend on. They see no possible way for us to guarantee that everyone has the exact same version of every library, all the way down the tree.

Apparently some build failed because of an issue with a new minor version of a deep dependency.

Is there any solution to this? Committing our deps feels dirty.

Submitted November 24, 2015 at 05:24PM by nolikeycommitdeps
