
JavaScript

Christopher Lebbano
15,338 Points

Why not just include the dependencies if you have to install them anyway?

https://teamtreehouse.com/library/npm-basics/installing-packages-with-npm/managing-dependencies-in-the-packagejson-file

In this video, Andrew talks about not including the dependencies files in your project so they wouldn't be included in your github repository. But, if someone downloads your project, it looks like they have to install those packages anyway? So why not just include them? Is it just to save space on your github?

1 Answer

Steven Parker
229,783 Points

Yes, it does save space in your project's repository.

Sometimes the dependencies require many times the amount of space as the project using them.

It also allows the downloader to get the latest versions directly from the source that maintains them.

Christopher Lebbano
15,338 Points

I see, but couldn't having a newer version break the project in some cases? For example, if I did not use the latest version for a specific reason, but they downloaded the newest version with npm after they downloaded my project.

andren
28,558 Points

The version of the dependency that is installed will depend on the version range listed in the package.json file of the project.

Usually the range will be set to allow for minor and patch updates but not major updates. If the package follows the semver standard (which NPM is designed around) then it should not introduce potentially breaking changes in a minor or patch update.

It is true though that if the package does not follow semver (and there is nothing forcing it to do so) then you can end up with the issue you describe; it is one of the weaknesses of npm.

Yarn, which is a recently released npm alternative (and is compatible with npm packages and projects), addressed this issue by generating a file that contains the exact versions of packages used, so that you are guaranteed to end up with the exact same package as the person that committed the project.

Steven Parker
229,783 Points

Remember, you don't always need to download the very latest version; you can (and generally would) download just the same major release as used in the project but with the most recent bug fixes.
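The range resolution andren describes (caret and tilde ranges in package.json, and a lockfile pin overriding them) and the "same major release, newest fixes" behaviour Steven mentions, as an added JavaScript example that is not from the video or this thread; the package name, published versions and lockfile contents are constructed for the demo:

```javascript
// Added example, not code from the Treehouse video or this thread: how a
// version range in package.json ("^", "~" or an exact version) selects among
// published versions, and how a lockfile pin bypasses that selection.

const parse = (v) => {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`not a plain x.y.z version: ${v}`);
  return m.slice(1).map(Number); // [major, minor, patch]
};

// Lexicographic compare of two [major, minor, patch] tuples.
const cmp = (a, b) => a[0] - b[0] || a[1] - b[1] || a[2] - b[2];

// Half-open bounds [lower, upper) for a range, following npm's caret/tilde rules.
function rangeBounds(range) {
  const op = '^~'.includes(range[0]) ? range[0] : '';
  const lo = parse(op ? range.slice(1) : range);
  const [maj, min, pat] = lo;
  let hi;
  if (op === '') hi = [maj, min, pat + 1];          // exact: only this version
  else if (op === '~') hi = [maj, min + 1, 0];       // ~1.2.3 -> >=1.2.3 <1.3.0
  else if (maj > 0) hi = [maj + 1, 0, 0];            // ^1.2.3 -> >=1.2.3 <2.0.0
  else if (min > 0) hi = [0, min + 1, 0];            // ^0.2.3 -> >=0.2.3 <0.3.0
  else hi = [0, 0, pat + 1];                         // ^0.0.3 -> >=0.0.3 <0.0.4
  return [lo, hi];
}

function satisfies(version, range) {
  const v = parse(version);
  const [lo, hi] = rangeBounds(range);
  return cmp(v, lo) >= 0 && cmp(v, hi) < 0;
}

// What a fresh "npm install" picks: the highest published version in range.
function resolveRange(range, published) {
  const ok = published.filter((v) => satisfies(v, range));
  ok.sort((a, b) => cmp(parse(a), parse(b)));
  return ok.length ? ok[ok.length - 1] : null;
}

// With a lockfile the recorded version wins; the range is only a fallback.
function resolveWithLock(name, range, published, lock) {
  const pinned = lock[name];
  return pinned && published.includes(pinned) ? pinned : resolveRange(range, published);
}

// Constructed registry snapshot and lockfile for the demo (not real packages).
const PUBLISHED = ['1.4.0', '1.4.2', '1.5.0', '2.0.0', '2.1.0'];
const LOCK = { 'example-lib': '1.4.2' };
```

With `^1.4.0` a fresh install picks `1.5.0` (newer fixes, same major) and never `2.0.0`, while the lockfile returns the recorded `1.4.2` regardless of what has been published since.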