Echo JS 0.11.0

fcambus 3830 days ago.
I would be interested to know your personal experiences about managing npm module dependencies within your projects.

I'm aware of tools such as David which automatically tracks dependencies, and can even display badges one can embed in README files: https://david-dm.org

Basically, what I'm wondering about precisely is when to decide to update the package.json file. Also, now that the caret (^) prefix has appeared (and is the new default when doing npm install --save), there is an even greater number of available options to consider.

What are your thoughts on this topic?

bevacqua 3830 days ago. link 3 points
You can use [Gemnasium][0] too, to get email notifications when new versions of things you depend upon have been released.

I'd say you have to update once in a while or if you run into walls because of bugs that have been fixed in later releases. Other than that I feel like being obsessed with updating your dependencies is a waste of time for little gain, because Node-folk update their packages pretty frequently.

[0]: https://gemnasium.com/
fcambus 3827 days ago. link 1 point
Thanks for your input Nico. Actually, that's pretty much what I've been doing, and what I believe mostly everyone is doing: only updating in case I need to use new features.

It's always good to have someone else's point of view though.
bevacqua 3825 days ago. link 2 points
For what it's worth, Gemnasium just emailed me about a new feature where they seemingly have a CLI that auto-updates deps in your projects granted that your tests pass after the update... May be another approach.
bahmutov 3830 days ago. link 2 points
I use badges from david-dm.org and whenever I see red (minor patch out of date) for either dependencies or dev dependencies I use my tool next-update (https://github.com/bahmutov/next-update) to actually update dependencies one by one to the latest version. The key is that next-update runs your tests and tells you if something fails. So you upgrade only with dependencies that do not break your project. There are even public anonymous stats telling how likely a particular update is to break stuff: http://next-update.herokuapp.com/

I also use grunt-nice-package https://github.com/bahmutov/grunt-nice-package to remove all *, ^ and ~ from dependency versions - I want to have the exact versions, even a patch update can break stuff.
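
An added example, not part of the thread and not the code of grunt-nice-package or next-update: a small Node.js check that lists every non-exact entry in a manifest and shows which versions the caret and tilde prefixes discussed above let npm install. The manifest and its package names are constructed sample data; `describeSpec` and `findFloating` are hypothetical helper names.

```javascript
// Constructed sample manifest (hypothetical project, illustrative versions).
const sampleManifest = {
  name: "demo-app",
  dependencies: { alpha: "^1.2.3", beta: "~1.2.3", gamma: "1.2.3", delta: "*" },
  devDependencies: { epsilon: "^0.2.3", zeta: ">=1.0.0", eta: "1.2.x" },
};

// major.minor.patch with an optional prerelease/build suffix
const FULL = /^(\d+)\.(\d+)\.(\d+)(?:[-+][0-9A-Za-z.+-]+)?$/;

// Describe which versions a single dependency spec lets npm install.
function describeSpec(spec) {
  const s = spec.trim();
  if (FULL.test(s)) return { kind: "exact", allows: s };
  const m = FULL.exec(s.slice(1));
  if (s[0] === "~" && m) {
    // Tilde: patch releases only, minor stays fixed.
    return { kind: "tilde", allows: `>=${s.slice(1)} <${m[1]}.${+m[2] + 1}.0` };
  }
  if (s[0] === "^" && m) {
    const [maj, min, pat] = [+m[1], +m[2], +m[3]];
    // Caret: the left-most non-zero component stays fixed.
    const upper = maj > 0 ? `${maj + 1}.0.0`
      : min > 0 ? `0.${min + 1}.0`
      : `0.0.${pat + 1}`;
    return { kind: "caret", allows: `>=${s.slice(1)} <${upper}` };
  }
  if (s === "" || s === "*" || /(^|\.)[xX*]($|\.)/.test(s)) {
    return { kind: "wildcard", allows: "any matching release" };
  }
  return { kind: "other", allows: "range, tag or URL; resolve manually" };
}

// List every non-exact entry in dependencies and devDependencies.
function findFloating(manifest) {
  const findings = [];
  for (const section of ["dependencies", "devDependencies"]) {
    for (const [name, spec] of Object.entries(manifest[section] || {})) {
      const d = describeSpec(String(spec));
      if (d.kind !== "exact") findings.push({ section, name, spec, ...d });
    }
  }
  return findings;
}

for (const f of findFloating(sampleManifest)) {
  console.log(`${f.section}/${f.name}: "${f.spec}" (${f.kind}) allows ${f.allows}`);
}
```

To audit a real project, pass the parsed contents of its package.json to `findFloating` in place of the sample object.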
fcambus 3822 days ago. link 1 point
next-update looks interesting, I will give it a try. Meanwhile, I posted it on the site as I think it can be useful for everyone.

Thanks for your input.