Hi, I would like to hear from others how npm dependencies are managed. I am typically doing this: - use npm shrink wrap - check in to git only that file but not the modules - once per iteration check for updates to all modules and decide to update or not
The issues I am seeing with this approach are: - I am typically not able to update my shrink wrap file with newer versions unless I recreate the file from scratch when many versions have changed. this means once per iteration this file might change a lot with many version updates - I have to manually review the changelog (if provided) of each used module and decide on a case by case to update or not. if I do so, it might bring in lots of updates from dependent modules. some modules might not even be managed anymore - there is no notification mechanism when a library was updated e.g. for security fixes Are people just updating to latest modules without reviewing the changes? One solution for me is to greatly reduce the number of dependencies I am using. going down from 20 to like 6 helped a lot managing the dependencies better, but this is not a real solution. I am actually missing good old Apache style libraries I guess from my Java times. Ben -- -- Job Board: http://jobs.nodejs.org/ Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines You received this message because you are subscribed to the Google Groups "nodejs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nodejs?hl=en?hl=en --- You received this message because you are subscribed to the Google Groups "nodejs" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
