The dependency ranges of direct dependencies should be as permissive as possible (i.e. `^5.0.0` instead of `^5.1.0`). This enables npm (or yarn or w/e) to deduplicate dependencies used in multiple hierarchies in more cases. There is no negative effect because in the case of a vulnerability or deprecation users can always upgrade to the most recent version.
Currently we have:
https://github.com/ericcornelissen/depreman/blob/ca84b6e8dfc5f81037f2f3d1e1de11a59c2ed0d7/package.json#L34-L35
See also this script as a potential check in this regard.
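As an added example (not the script referenced above and not code from the depreman project), a small Node.js check that scans a package.json for caret/tilde ranges whose floor is not the first release of their line and suggests the wider range; the sample manifest is constructed for the demonstration.

```javascript
// Matches simple caret/tilde ranges such as "^5.1.0" or "~1.2.3"; exact pins,
// "*", ">=" ranges and URLs are deliberately left alone.
const semverRangeRe = /^([\^~])(\d+)\.(\d+)\.(\d+)$/;

// Returns the widened range for a caret/tilde range with a non-zero floor,
// or null when the range is already as wide as its operator allows.
function suggestWiderRange(range) {
  const m = semverRangeRe.exec(range.trim());
  if (!m) return null;
  const [, op, major, minor, patch] = m;
  // ^0.0.x pins a single version, so there is nothing to widen.
  if (major === '0' && minor === '0') return null;
  // ^X.y.z (X >= 1) already covers the whole major line, so the floor can drop to X.0.0.
  if (op === '^' && major !== '0') {
    return minor === '0' && patch === '0' ? null : `^${major}.0.0`;
  }
  // ~X.y.z and ^0.y.z only span one minor line, so the floor can drop to X.y.0.
  return patch === '0' ? null : `${op}${major}.${minor}.0`;
}

// Walks the chosen dependency sections of a parsed package.json and returns
// one finding per range that could be widened.
function findNarrowRanges(pkg, sections = ['dependencies', 'peerDependencies']) {
  const findings = [];
  for (const section of sections) {
    for (const [name, range] of Object.entries(pkg[section] || {})) {
      const suggested = suggestWiderRange(range);
      if (suggested) findings.push({ section, name, range, suggested });
    }
  }
  return findings;
}

// Constructed sample manifest (hypothetical package names).
const samplePkg = {
  dependencies: { foo: '^5.1.0', bar: '^5.0.0', baz: '~1.2.3', qux: '^0.3.1' },
  devDependencies: { eslint: '^8.57.0' },
};

if (typeof require !== 'undefined' && require.main === module) {
  // Usage: node check-ranges.js [path/to/package.json]; falls back to the sample.
  const fs = require('fs');
  const pkg = process.argv[2] ? JSON.parse(fs.readFileSync(process.argv[2], 'utf8')) : samplePkg;
  for (const f of findNarrowRanges(pkg)) {
    console.log(`${f.section}: ${f.name} ${f.range} -> consider ${f.suggested}`);
  }
}
```

A widened floor only changes which versions npm may pick; the lockfile still decides what is installed, so combine this with a regular audit rather than relying on the range alone.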