npm dependencies

🤯

Dependency types

{ 
    "dependencies": { 
        "foo" : "1.0.0 - 2.9999.9999" 
    },
    "devDependencies": {
        "coffee-script": "~1.6.3"
    },
    "peerDependencies": {
        "tea": "2.x"
    }
}
            

Demo / Quiz

1. Only peer installed
2. Yours more recent
3. Yours less recent

On npm install

  • dependencies: if a compatible version is already present, does nothing; if not, gets the required version and puts it under its own node_modules
  • devDependencies: nothing
  • peerDependencies: if the version is not ok, gives a warning (mind the package lock)

On execution

The version closest to the source has precedence over the global version

a.v1
b
 - a.v2

b's code will use a.v2

Webpack

Does the same...

i.e. bundle contains multiple versions of the same library

Webpack

... in a smart way: deduplicates identical versions

a
 - b.v1
c
 - b.v2
d
 - b.v2

bundle contains b.v1 and b.v2

So everything works?

no

  • objects passed around could be of different kinds
  • instanceof
  • global variables or properties
  • it all relies on semantic versioning
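
To see where a project is exposed to the problems above, list every package that the lockfile installs at more than one version. This is an added example, not part of the original slides; the sample lockfile is constructed to mirror the a / c / d tree, and the function names are hypothetical.

```javascript
// Constructed sample in package-lock.json "packages" layout (lockfileVersion 2/3).
const sampleLock = {
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/a": { version: "1.0.0" },
    "node_modules/b": { version: "1.0.0" },
    "node_modules/c": { version: "1.0.0" },
    "node_modules/c/node_modules/b": { version: "2.0.0" },
    "node_modules/d": { version: "1.0.0" },
    "node_modules/d/node_modules/b": { version: "2.0.0" },
    "node_modules/@scope/e": { version: "3.1.0" }
  }
};

// "node_modules/c/node_modules/@scope/x" -> "@scope/x" (install folder name)
function packageName(installPath) {
  const marker = "node_modules/";
  return installPath.slice(installPath.lastIndexOf(marker) + marker.length);
}

// Returns [{ name, versions: { version: [installPaths] } }] for every package
// that appears in the tree with two or more distinct versions.
function findDuplicateVersions(lock) {
  const byName = new Map();
  for (const [installPath, meta] of Object.entries(lock.packages || {})) {
    // Skip the root project, workspace folders and entries without a version.
    if (!installPath.includes("node_modules/") || typeof meta.version !== "string") continue;
    const name = packageName(installPath);
    if (!byName.has(name)) byName.set(name, new Map());
    const versions = byName.get(name);
    if (!versions.has(meta.version)) versions.set(meta.version, []);
    versions.get(meta.version).push(installPath);
  }
  const report = [];
  for (const [name, versions] of byName) {
    if (versions.size > 1) report.push({ name, versions: Object.fromEntries(versions) });
  }
  return report.sort((x, y) => x.name.localeCompare(y.name));
}

for (const { name, versions } of findDuplicateVersions(sampleLock)) {
  console.log(name, versions);
}
```

On a real project, pass the parsed contents of package-lock.json instead of sampleLock.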

Semantic versioning

So what?

In your project

  • dependencies and devDependencies are the same: both are installed with npm install (careful with npm install --production)
  • keep your dependencies up to date

In your library

  • use peer dependencies (for big libraries shared among components, e.g. react, plugin, ...)
  • use version ranges (^1.2.3 := >=1.2.3 & <2.0.0 )
  • while developing, install the peer dependency by hand or add it to devDependencies
  • use semantic versioning!

Semantic versioning

Thanks

https://github.com/npm/node-semver

https://github.com/depsir