I was asked to do some dependency cleaning on an existing Node project on which npm install leads to a cascade of warnings about deprecation, security issues, etc. Some of these dependencies are not used anywhere in the code (npm install --save was probably used). Some are used and require a specific version of the package. Some don't. In short: it's a mess.

Regardless of what the previous dev did, I don't understand how this package approach can be sustainable. If we update to the latest version of the packages, we might break compatibility. If we don't update, we get loads of warnings regarding security and maintenance issues. Even if we do update, we still don't have control over the dependencies of our dependencies.

It seems to be common to blindly install packages as they are needed. How does one get out of this hell?
Submitted July 10, 2018 at 12:03PM by F00Barfly
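A first step toward the cleanup the post asks about is to compare what package.json declares with what the code actually imports: declared packages nobody imports can be dropped, and imported packages nobody declares are only working through some other package's transitive dependencies. The following is an added example, not code from the poster; the package.json object and source files are constructed inline so it runs offline.

```javascript
// Added example (not from the post): find dependencies declared in package.json
// that no source file imports, and imports that no declared dependency covers.
// Sample input is constructed inline; in practice read the real package.json
// and source tree from disk.

// Map an import specifier to its package name: "lodash/fp" -> "lodash",
// "@babel/core/lib/x" -> "@babel/core". Relative and absolute paths are skipped.
function packageNameOf(specifier) {
  if (specifier.startsWith('.') || specifier.startsWith('/')) return null;
  const parts = specifier.split('/');
  return specifier.startsWith('@') ? parts.slice(0, 2).join('/') : parts[0];
}

// Collect package names referenced by require() calls and static import statements.
function importedPackages(source) {
  const found = new Set();
  const patterns = [
    /require\(\s*['"]([^'"]+)['"]\s*\)/g,
    /import\s+(?:[^'"]*?\s+from\s+)?['"]([^'"]+)['"]/g,
  ];
  for (const re of patterns) {
    for (const m of source.matchAll(re)) {
      const name = packageNameOf(m[1]);
      if (name) found.add(name);
    }
  }
  return found;
}

// Compare declared dependencies with what the code actually imports.
function auditDependencies(pkg, files) {
  const declared = new Set(Object.keys(pkg.dependencies || {}));
  const used = new Set();
  for (const src of Object.values(files)) {
    for (const name of importedPackages(src)) used.add(name);
  }
  return {
    unused: [...declared].filter((d) => !used.has(d)).sort(),       // safe to remove
    undeclared: [...used].filter((u) => !declared.has(u)).sort(),   // phantom deps
  };
}

// Constructed sample project: "moment" is declared but never imported,
// "chalk" is imported but only present through some transitive dependency.
const samplePkg = { dependencies: { express: '^4.16.0', lodash: '^4.17.10', moment: '^2.22.0', '@babel/core': '^7.0.0' } };
const sampleFiles = {
  'app.js': "const express = require('express');\nconst fp = require('lodash/fp');\nconst util = require('./lib/util');",
  'lib/util.js': "import { transform } from '@babel/core/lib/transform';\nimport chalk from 'chalk';\nexport const x = 1;",
};

console.log(auditDependencies(samplePkg, sampleFiles));
// → { unused: ['moment'], undeclared: ['chalk'] }
```

Anything reported as undeclared should be added to package.json explicitly so that its version is pinned by your own lockfile rather than by whichever dependency happens to pull it in.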