> So if a security fix is coming in 3 major releases later, you have a lot more work to catch up.
I find that there is an overhead, at least mentally, for going into code to make a change. So for me it is faster to make three changes at once than make one change three times. So it is actually less work to catch up; On Wed, Aug 14, 2013 at 10:06 AM, Benjamin Pasero <[email protected] > wrote: > With Apache I feel there is a process around releases and I expect a > higher quality from official Apache libraries compared to some little node > module that I found somewhere and is not maintained for months and even > buggy. > > As for not updating unless needed: The longer you wait to update the more > changes will come in. So if a security fix is coming in 3 major releases > later, you have a lot more work to catch up. > > And yes, its odd that some versions of packages are no longer available > through NPM at some point in time... > > On Wednesday, August 14, 2013 6:25:30 PM UTC+2, Mark Hahn wrote: >> >> > Are people just updating to latest modules without reviewing the >> changes? >> >> I never upgrade unless I find a bug or need a new feature. Things are >> more stable that way. >> >> On Wed, Aug 14, 2013 at 2:54 AM, Brian Lalor <[email protected]> wrote: >> >>> On Aug 14, 2013, at 2:18 AM, Benjamin Pasero <[email protected]> >>> wrote: >>> >>> > I am actually missing good old Apache style libraries I guess from my >>> Java times. >>> >>> How is npm any different in this regard? With Java projects, presumably >>> you're using a sane dependency management system like Maven or Ivy that >>> takes care of resolving transitive dependencies. You still list out the >>> dependencies *your* project has (in pom.xml or package.json) and the >>> dependency resolution mechanism takes care of pulling in the rest. You >>> still have to be aware of the changes being introduced by the dependency >>> chain, except that with npm a transitive dependency will only impact the >>> library that required it (thanks to the snazzy nested node_modules folders). >>> >>> -- >>> Brian Lalor >>> [email protected] >>> http://github.com/blalor >>> >>> -- >>> -- >>> Job Board: http://jobs.nodejs.org/ >>> Posting guidelines: https://github.com/joyent/**node/wiki/Mailing-List-* >>> *Posting-Guidelines<https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines> >>> You received this message because you are subscribed to the Google >>> Groups "nodejs" group. >>> To post to this group, send email to [email protected] >>> To unsubscribe from this group, send email to >>> nodejs+un...@**googlegroups.com >>> For more options, visit this group at >>> http://groups.google.com/**group/nodejs?hl=en?hl=en<http://groups.google.com/group/nodejs?hl=en?hl=en> >>> >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "nodejs" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to nodejs+un...@**googlegroups.com. >>> For more options, visit >>> https://groups.google.com/**groups/opt_out<https://groups.google.com/groups/opt_out> >>> . >>> >>> >>> >> -- > -- > Job Board: http://jobs.nodejs.org/ > Posting guidelines: > https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines > You received this message because you are subscribed to the Google > Groups "nodejs" group. > To post to this group, send email to [email protected] > To unsubscribe from this group, send email to > [email protected] > For more options, visit this group at > http://groups.google.com/group/nodejs?hl=en?hl=en > > --- > You received this message because you are subscribed to the Google Groups > "nodejs" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. > > > -- -- Job Board: http://jobs.nodejs.org/ Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines You received this message because you are subscribed to the Google Groups "nodejs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nodejs?hl=en?hl=en --- You received this message because you are subscribed to the Google Groups "nodejs" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
