Kelly Selden
@kellyselden
All new PRs are failing for the same cryptic reason. CI was working fine yesterday. Master is broken even though there are no new commits.
n·p·m de·pend·en·cy hell
/enˈpēəm dəˈpendənsē hel/
noun
A dependency three layers deep updated and introduced a bug, violated semver, … or was deleted (left-pad).
"ember-browserify": "^1.0.0"
Yesterday: "ember-browserify": "1.0.0"
Today: "ember-browserify": "1.1.0"

"ember-browserify": "1.0.0"
"browserify": "^13.0.0"
Yesterday: "ember-browserify": "1.0.0", "browserify": "13.0.0"
Today: "ember-browserify": "1.0.0", "browserify": "13.0.1"

"ember-browserify": "1.0.0"
"browserify": "13.0.0"
"glob": "^5.0.15"
Yesterday: "ember-browserify": "1.0.0", "browserify": "13.0.0", "glob": "5.0.15"
Today: "ember-browserify": "1.0.0", "browserify": "13.0.0", "glob": "5.0.16"

And so on...
...even if you take all the hints out of your app.
When you install a new dependency, do you go through its entire dependency tree and audit every package, deciding whether it will follow SemVer and whether the version hint applied is appropriate?
No
Which means your stuff is going to break.
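The drift shown on the slides above, as an added example that is not part of the original talk: it resolves the same pinned app against two registry snapshots and reports which transitive versions changed. The snapshots and manifests are constructed for illustration (version numbers follow the slides), and the hint matcher is a simplified stand-in for npm's resolver that handles only exact pins and caret ranges with a major version of 1 or higher.

```javascript
// Constructed registry snapshots: package -> version -> that version's dependency hints.
// Version numbers mirror the slides; the manifests themselves are made up.
const yesterday = {
  'ember-browserify': { '1.0.0': { browserify: '^13.0.0' } },
  browserify: { '13.0.0': { glob: '^5.0.15' } },
  glob: { '5.0.15': {} },
};
// Today two patch releases exist that did not exist yesterday.
const today = {
  'ember-browserify': { '1.0.0': { browserify: '^13.0.0' } },
  browserify: { '13.0.0': { glob: '^5.0.15' }, '13.0.1': { glob: '^5.0.15' } },
  glob: { '5.0.15': {}, '5.0.16': {} },
};

const parse = (v) => v.split('.').map(Number);
const cmp = (a, b) => {
  const x = parse(a), y = parse(b);
  return x[0] - y[0] || x[1] - y[1] || x[2] - y[2];
};

// Simplified matcher (assumption): exact pins, and caret ranges with major >= 1.
function satisfies(version, hint) {
  if (!hint.startsWith('^')) return version === hint;
  const base = hint.slice(1);
  return parse(version)[0] === parse(base)[0] && cmp(version, base) >= 0;
}

// Resolve every hint to the highest matching version, recursing into its dependencies.
function resolve(deps, registry, path = [], out = {}) {
  for (const [name, hint] of Object.entries(deps)) {
    const versions = Object.keys(registry[name] || {}).filter((v) => satisfies(v, hint));
    if (versions.length === 0) throw new Error(`no version of ${name} matches ${hint}`);
    const picked = versions.sort(cmp).pop();
    out[[...path, name].join(' > ')] = { hint, picked, floating: hint !== picked };
    resolve(registry[name][picked], registry, [...path, name], out);
  }
  return out;
}

// List every dependency path whose resolved version differs between two snapshots.
function drift(appDeps, before, after) {
  const a = resolve(appDeps, before), b = resolve(appDeps, after);
  return Object.keys(b)
    .filter((p) => !a[p] || a[p].picked !== b[p].picked)
    .map((p) => `${p}: ${a[p] ? a[p].picked : 'absent'} -> ${b[p].picked} (hint ${b[p].hint})`);
}

const app = { 'ember-browserify': '1.0.0' }; // the app pins its only direct dependency
console.log(drift(app, yesterday, today));
```

The app's own manifest has no range in it, yet two of the three resolved packages change between runs.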
Started as a pet project to alleviate pain points in Ember-Cli maintenance, but anyone can use it. Not just Ember, anything using npm.