philschatz
Collaborator

It's only been 2 weeks and we already have a bunch of deprecations. How crazy would it be to just blow away package-lock.json every now and again?

npm warn deprecated [email protected]: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm warn deprecated @humanwhocodes/[email protected]: Use @eslint/config-array instead
npm warn deprecated [email protected]: Rimraf versions prior to v4 are no longer supported
npm warn deprecated @humanwhocodes/[email protected]: Use @eslint/object-schema instead
npm warn deprecated [email protected]: Glob versions prior to v9 are no longer supported
npm warn deprecated [email protected]: Glob versions prior to v9 are no longer supported
npm warn deprecated [email protected]: Glob versions prior to v9 are no longer supported
npm warn deprecated [email protected]: Glob versions prior to v9 are no longer supported
npm warn deprecated [email protected]: Glob versions prior to v9 are no longer supported

@chrisbendel
Collaborator

this is wild 🤣

I feel like locking into versions is generally good, as cumbersome as these dependency upgrades are. We could have a monthly chore to upgrade any deps; that way we at least stay on top of it and just budget that into our sprints. I totally get the pain point though, maybe there's a more clever way of doing this.

@nathanstitt
Member

Hm, if we did this, then anytime a dev ran npm install it would potentially perform major updates, right? Like when react 19 is released suddenly a jr dev might unknowingly jump onto that version and be lost when everything breaks?

I use a utility called ncu https://www.npmjs.com/package/npm-check-updates that checks for updates and updates package.json after showing you the changes. As @chrisbendel suggests, we could run that periodically.

@philschatz
Collaborator Author

philschatz commented Aug 13, 2024

> Hm, if we did this, then anytime a dev ran npm install it would potentially perform major updates, right?

No, the package-lock.json will ensure that the exact same versions are always installed.

As a bigger example, I updated my monorepo to use * mostly in package.json
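As an added example that is not part of the thread or the project's code: one way to see what a lockfile pins and which locked entries are deprecated, without installing anything. It assumes a `package-lock.json` with `lockfileVersion` 2 or 3, where npm keeps a `packages` map and records a `deprecated` message on affected entries; `auditLock`, `nameFromKey` and all sample package names, versions and messages are constructed for illustration.

```javascript
// Constructed sample data: a manifest with loose ranges and the lockfile next to it.
const samplePackageJson = {
  dependencies: { "fresh-lib": "*", "old-util": "^1.0.0" },
};

const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { dependencies: { "fresh-lib": "*", "old-util": "^1.0.0" } },
    "node_modules/fresh-lib": { version: "4.2.0" },
    "node_modules/old-util": { version: "1.3.1", deprecated: "No longer supported" },
    "node_modules/old-util/node_modules/nested-dep": {
      version: "0.9.0",
      deprecated: "Leaks memory",
    },
  },
};

// The package name is whatever follows the last "node_modules/" in the key,
// which also handles scoped names such as "@scope/name".
function nameFromKey(key) {
  return key.slice(key.lastIndexOf("node_modules/") + "node_modules/".length);
}

// Returns the declared range and locked version of each direct dependency,
// plus every locked entry (direct or transitive) carrying a deprecation message.
function auditLock(pkgJson, lock) {
  if (!lock.packages) throw new Error("needs lockfileVersion 2 or 3 (no 'packages' map)");
  const declared = { ...pkgJson.dependencies, ...pkgJson.devDependencies };
  const direct = [];
  const deprecated = [];
  for (const [key, entry] of Object.entries(lock.packages)) {
    // Skip the root project, workspace folders and symlinked workspace entries.
    if (!key.includes("node_modules/") || entry.link) continue;
    const name = nameFromKey(key);
    const isDirect = key === `node_modules/${name}` && name in declared;
    if (isDirect) direct.push({ name, range: declared[name], locked: entry.version });
    if (entry.deprecated) {
      deprecated.push({ name, version: entry.version, direct: isDirect, message: entry.deprecated });
    }
  }
  return { direct, deprecated };
}

console.log(JSON.stringify(auditLock(samplePackageJson, sampleLock), null, 2));
```

On a real project, pass the parsed contents of `package.json` and `package-lock.json` instead of the sample objects; entries with `direct: false` are transitive and can only be moved by upgrading or overriding a parent.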
