
JavaScript

Christopher Lebbano (15,338 Points)

Why not just include the dependencies if you have to install them anyway?

https://teamtreehouse.com/library/npm-basics/installing-packages-with-npm/managing-dependencies-in-the-packagejson-file

In this video, Andrew talks about not including the dependencies files in your project so they wouldn't be included in your github repository. But, if someone downloads your project, it looks like they have to install those packages anyway? So why not just include them? Is it just to save space on your github?

1 Answer

Steven Parker (216,148 Points)

Yes, it does save space in your project's repository.

Sometimes the dependencies require many times the amount of space as the project using them.

It also allows the downloader to get the latest versions directly from the source that maintains them.

Christopher Lebbano (15,338 Points)

I see, but couldn't having a newer version break the project in some cases? For example, if I did not use the latest version for a specific reason, but they downloaded the newest version with npm after they downloaded my project.

andren (28,521 Points)

The version of the dependency that is installed will depend on the version range listed in the package.json file of the project.

Usually the range will be set to allow for minor and patch updates but not major updates. If the package follows the semver standard (which NPM is designed around) then it should not introduce potentially breaking changes in a minor or patch update.

It is true though that if the package does not follow semver (and there is nothing forcing it to do so) then you can end up with the issue you describe; it is one of the weaknesses of npm.

Yarn, which is a recently released npm alternative (compatible with npm packages and projects), addressed this issue by generating a file that contains the exact versions of packages used, so that you are guaranteed to end up with the exact same package as the person that committed the project.

Steven Parker (216,148 Points)

Remember you don't always need to download the very latest version; you can (and generally would) download just the same major release as used in the project but with the most recent bug fixes.
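The two points above, that a package.json range such as "^1.4.0" admits newer minor and patch releases but never a new major, and that a lockfile pins an exact version instead, can be made concrete with a small range checker. The block below is an added example written for this thread, not npm's or Yarn's own code (npm uses the separate `semver` package, whose grammar is much larger). It supports only plain x.y.z versions with an optional "^" or "~" prefix, and the list of available versions is constructed for the demonstration. From a supply-chain view it also shows the exposure andren describes: with a caret range and no lockfile, whatever the registry publishes next inside the major series is what a fresh install picks, which is why committing the lockfile is the usual mitigation.

```javascript
// Added example (not from the Treehouse video or the answers above):
// a minimal semver range checker for the "^", "~" and exact forms.

// Parse "x.y.z" into numeric parts; anything else is rejected.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v.trim());
  if (!m) throw new Error(`unsupported version: ${v}`);
  return { major: +m[1], minor: +m[2], patch: +m[3] };
}

// Standard lexicographic comparison on (major, minor, patch).
function compare(a, b) {
  for (const k of ['major', 'minor', 'patch']) {
    if (a[k] !== b[k]) return a[k] < b[k] ? -1 : 1;
  }
  return 0;
}

// True if `candidate` is allowed by `range`.
//   "1.2.3"  exact pin (what a lockfile entry records)
//   "~1.2.3" patch updates only
//   "^1.2.3" minor and patch updates; the leftmost non-zero part is frozen,
//            so "^0.2.0" allows patch updates only and "^0.0.3" is exact
function satisfies(candidate, range) {
  const c = parseVersion(candidate);
  const op = range[0] === '^' || range[0] === '~' ? range[0] : '';
  const base = parseVersion(op ? range.slice(1) : range);
  if (compare(c, base) < 0) return false; // never below the stated floor
  if (op === '') return compare(c, base) === 0;
  if (op === '~') return c.major === base.major && c.minor === base.minor;
  if (base.major > 0) return c.major === base.major;
  if (base.minor > 0) return c.major === 0 && c.minor === base.minor;
  return compare(c, base) === 0;
}

// What an install would resolve to: the highest available version in range.
// Returns null when nothing satisfies the range.
function pickHighest(range, available) {
  const ok = available.filter(v => satisfies(v, range));
  ok.sort((a, b) => compare(parseVersion(a), parseVersion(b)));
  return ok.length ? ok[ok.length - 1] : null;
}

// Constructed registry listing for the demonstration.
const available = ['1.4.0', '1.4.2', '1.5.0', '2.0.0', '2.1.3'];

console.log(pickHighest('^1.4.0', available)); // 1.5.0: same major, newest fixes
console.log(pickHighest('~1.4.0', available)); // 1.4.2: patch updates only
console.log(pickHighest('1.4.0', available));  // 1.4.0: pinned, as a lockfile would
```

Running it shows the three outcomes side by side: the caret range follows the 1.x series to 1.5.0 and stops short of 2.0.0, the tilde range stays on 1.4.x, and the exact pin never moves. The last case is the behaviour a committed lockfile gives every contributor regardless of what the registry has published since.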