> That means we have to maintain multiple copies of the same library and
that increases our effort to maintain it.

The maintenance cost is reduced since they're just bundled with the
package. You can treat each release of say gulp as a snapshot of their deps
and bundle it with them. Packages specify dep versions for a reason and
it's not super safe to assume they'll function correctly with deps outside
of those specified ranges.

> When we update a dependency to latest version, we ensure all the
packages depending on it continue to work by running tests

Sounds kinda fragile.

> The terms of the license allow me to flatten the dependencies.

You're totally free to but I'm also free to discourage incorrect use of the
package.


BTW are these Debian packages targeting a specific Node version?

-JDD
-- 
Pkg-javascript-devel mailing list
Pkg-javascript-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel

Reply via email to