Skip to main content

Managing dependencies

Choosing npm packages

Suppose you need to select a library, and you already know the requirements for which you are searching for this library. Here's what to consider when making the final decision:

  • Bundle size. - Compare the bundle size of each package using https://pkg-size.dev/.
  • Over engineering. - Evaluate how much unnecessary functionality this package offers. If it affects the bundle size, it's better to look for alternatives.
  • Popularity. - The number of GitHub stars and monthly downloads.
  • Activity. - How recently and how often the package has been updated? Activity in terms of issues and pull requests.
  • Code quality. - Read the source code of the package.

Updating npm package versions

  • Do not hurry to upgrade to major versions (especially in the context of big frameworks like Next.js), waite for at least 1-2 minor/patch versions afterward (unless it is needed and we embraced the risks).
  • When updating a version, carefully read the package's Changelog to avoid breaking changes.
  • Test all the functionality related to the updated package.

How to manage dependency versions

  • Strictly specify versions of all npm packages. - Do not use any symbols (^, ~, etc.) - this can lead to sudden bugs, as you might easily overlook that some packages have been updated, miss testing-related functionality, fail to inform QA about it, and as a result, deliver bugs to production.
  • Use dependabot.
  • Use npm-check-updates

Choosing a Dependency Manager

  • Use pnpm - This is just one recommendation, but it's too big of a topic to discuss here.