ericcornelissen / depreman

Manage npm deprecations
https://www.npmjs.com/package/depreman
GNU Affero General Public License v3.0

More permissive version ranges for "prod" dependencies #12

Closed ericcornelissen closed 1 month ago

ericcornelissen commented 1 month ago

The dependency ranges of direct dependencies should be as permissive as possible (i.e. ^5.0.0 instead of ^5.1.0). This enables npm (or yarn or w/e) to deduplicate dependencies used in multiple hierarchies in more cases. There is no negative effect because in the case of a vulnerability or deprecation users can always upgrade to the most recent version.

Currently we have:

https://github.com/ericcornelissen/depreman/blob/ca84b6e8dfc5f81037f2f3d1e1de11a59c2ed0d7/package.json#L34-L35

See also this script as a potential check in this regard.
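A mechanical version of such a check, added here as an example (it is not the script the comment refers to and not part of depreman): it reads a constructed package.json and flags caret ranges whose lower bound sits above the floor of the caret-compatible window, e.g. ^5.1.0 where ^5.0.0 would cover the same majors. Whether the package really works with the lower version is still for a human to confirm; the script only lists candidates for review.

```javascript
// Added example, not depreman's own code. The package.json below is constructed.
const constructedPackageJson = JSON.stringify({
  name: "example",
  dependencies: { a: "^5.1.0", b: "^5.0.0", c: "~1.2.3", d: "1.0.0" },
  devDependencies: { e: "^2.3.1" },
});

// Only simple caret ranges of the form ^MAJOR.MINOR.PATCH are examined.
const CARET_RANGE = /^\^(\d+)\.(\d+)\.(\d+)$/;

/**
 * Return the most permissive caret range that allows the same set of
 * compatible versions as `range` under npm's caret rules, or null if
 * `range` is not a simple caret range.
 *   ^1.2.3 -> ^1.0.0   (major > 0: everything in the 1.x.y line)
 *   ^0.2.3 -> ^0.2.0   (major 0: compatibility is limited to the minor)
 *   ^0.0.3 -> ^0.0.3   (major and minor 0: only that exact patch)
 */
function mostPermissiveCaret(range) {
  const m = CARET_RANGE.exec(range.trim());
  if (m === null) return null;
  const [major, minor, patch] = m.slice(1).map(Number);
  if (major > 0) return `^${major}.0.0`;
  if (minor > 0) return `^0.${minor}.0`;
  return `^0.0.${patch}`;
}

/**
 * List dependencies in `field` (default: the "prod" dependencies) whose
 * caret range is stricter than the floor of its compatibility window.
 * Returns [{ name, range, suggested }], empty when nothing is flagged.
 */
function findStrictRanges(packageJsonText, field = "dependencies") {
  const pkg = JSON.parse(packageJsonText);
  const deps = pkg[field] || {};
  const findings = [];
  for (const [name, range] of Object.entries(deps)) {
    const suggested = mostPermissiveCaret(range);
    if (suggested !== null && suggested !== range.trim()) {
      findings.push({ name, range, suggested });
    }
  }
  return findings;
}

// Run against the constructed manifest; in a real project read package.json from disk instead.
console.log(findStrictRanges(constructedPackageJson));
```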

ericcornelissen commented 1 month ago

Resolved with e4ab16629e7702ae8b77c7a409f06d05e825fcae