Managing dependencies
Choosing npm packages
Suppose you need to select a library and you already know the requirements it has to satisfy. Here is what to consider when making the final decision:
- Bundle size: compare the bundle size of each candidate package using https://pkg-size.dev/.
- Over-engineering: evaluate how much unnecessary functionality the package offers. If it inflates the bundle size, it is better to look for alternatives.
- Popularity: the number of GitHub stars and monthly downloads.
- Activity: how recently and how often the package has been updated, and how actively issues and pull requests are handled.
- Code quality: read the source code of the package.
Updating npm package versions
- Do not hurry to upgrade to major versions (especially for big frameworks like Next.js); wait for at least 1-2 minor/patch versions afterward, unless the upgrade is needed and the risks have been accepted.
- When updating a version, carefully read the package's changelog to catch breaking changes.
- Test all the functionality related to the updated package.
How to manage dependency versions
- Strictly specify the versions of all npm packages. Do not use range symbols (^, ~, etc.): they can lead to sudden bugs, because you may easily overlook that some packages have been updated, fail to test the related functionality, fail to inform QA about it, and as a result deliver bugs to production.
- Use Dependabot.
- Use npm-check-updates.
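A check for the pinning rule above, as an added example that is not part of the original guideline: it scans a package.json object and reports every dependency whose specifier could resolve to more than one version. The SAMPLE manifest and the package names in it are constructed for illustration.

```javascript
// Flags dependency specifiers in package.json that are not pinned to one exact version.
// Assumption: the manifest has the usual dependencies/devDependencies/optionalDependencies shape.

// An exact version: MAJOR.MINOR.PATCH with an optional prerelease/build suffix.
const EXACT_VERSION = /^\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.-]+)?$/;

// Fields where a floating range lets a different version be installed than the one tested.
const DEPENDENCY_FIELDS = ['dependencies', 'devDependencies', 'optionalDependencies'];

// Classify one specifier: null if pinned, otherwise a short reason why it is not.
function unpinnedReason(spec) {
  const s = String(spec).trim();
  if (EXACT_VERSION.test(s)) return null;
  if (s === '' || s === '*' || s === 'latest' || /^[xX]$/.test(s)) return 'matches any version';
  if (s.startsWith('npm:')) return unpinnedReason(s.slice(s.lastIndexOf('@') + 1)); // alias: check the real version
  if (/^[\^~]/.test(s)) return `range operator "${s[0]}"`;
  if (/^[<>=]/.test(s) || /\s-\s/.test(s) || /\|\|/.test(s)) return 'comparison, hyphen or || range';
  if (/^\d+(\.\d+)?$/.test(s) || /\.[xX*]/.test(s)) return 'wildcard or partial version';
  if (/^(file:|link:|workspace:)/.test(s)) return null; // local links are pinned by the repository itself
  if (/^(git\+|git:|https?:|ssh:|github:)/.test(s) || /^[\w.-]+\/[\w.-]+$/.test(s)) {
    // A git/GitHub reference is only reproducible when it names a full commit hash.
    return /#[0-9a-f]{40}$/i.test(s) ? null : 'git reference without a full commit hash';
  }
  return 'unrecognised specifier';
}

// Walk every dependency field and collect the unpinned entries.
function findUnpinned(pkg) {
  const findings = [];
  for (const field of DEPENDENCY_FIELDS) {
    for (const [name, spec] of Object.entries(pkg[field] || {})) {
      const reason = unpinnedReason(spec);
      if (reason) findings.push({ field, name, spec, reason });
    }
  }
  return findings;
}

// Constructed sample manifest (not a real project): mixes pinned and floating specifiers.
const SAMPLE = {
  dependencies: { next: '14.2.3', react: '^18.2.0', lodash: '~4.17.21', 'left-pad': '*', 'some-lib': 'github:example/some-lib' },
  devDependencies: { typescript: '5.4.5', eslint: '>=8.0.0', jest: 'latest' },
};

for (const f of findUnpinned(SAMPLE)) {
  console.log(`${f.field}.${f.name} = "${f.spec}" is not pinned: ${f.reason}`);
}
```

Pointing findUnpinned at a real manifest (for example via JSON.parse(fs.readFileSync('package.json'))) gives a quick pre-merge check that complements Dependabot.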
Choosing a Dependency Manager
- Use pnpm. This is just one recommendation, but the topic is too big to discuss here.