You Don't Know Your Dependencies

JSHeroes

April 2019

@a0viedo

I'm from Buenos Aires, Argentina

I work on backend systems and JavaScript

I help run NodeConf Argentina and also collaborate with other local communities

Hi! I'm Alejandro

Pinning deps: yay or nay

Little known fact #1

Verdaccio is great for caching dependencies

Little known fact #2

npm has the option to reference the filesystem

{
  "dependencies": {
    "cool": "file:../test-dir"
  }
}

lock-what?

npm / yarn / pnpm

I've pushed a lockfile...now what?

npm ci

(credit goes to @pugson on twitter)

size of your node_modules

Case study: 1000 most depended-upon modules

  including devDependencies: avg of 295
  production-only dependencies: avg of 30

Case study: prolific Open Source projects

  including devDependencies: avg of 1052
  production-only dependencies: avg of 426

TL;DR:

should you worry about your dependency tree size?

npx dep-verify

npx tbv

By Alejandro Oviedo García