Best practices for management
- Aim for compatibility: Whenever possible, choose dependency versions that work well together, so that overrides are rarely needed.
- Check for security risks: If any of your dependencies, or their nested dependencies, has a known security vulnerability, update or override it to a patched version.
- Use exact versions: Where no compatible version range exists, keep track of the exact version that works with your other dependencies and pin it, so that future updates cannot introduce unexpected or breaking changes.
- Documentation: Document the working versions and any changes made in package.json (or another file) alongside the affected dependency versions, and explain the reason for each override or other method used to change a version.
- Automation is not perfect: If you use automation tools such as npm-check-updates or yarn-upgrade-all, test your project carefully after the automated updates, since these tools do not always handle nested dependencies correctly.
How to override nested NPM dependency versions?
In a project, the packages downloaded and used through npm are called dependencies, and each dependency can have its own nested dependencies, which are downloaded as well. These nested dependencies can create conflicts when multiple versions of the same package are present, leading to compatibility issues, security vulnerabilities, and unexpected behaviour.
There are several ways to resolve this: the overrides property in package.json, npm-force-resolutions, npm dedupe, and automation tools such as npm-check-updates or yarn-upgrade-all.
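The two situations described above and in the best-practices list, a package installed at several versions and an override that was not actually applied, can both be read straight out of the lockfile. The script below is an added example, not code from the original article or from npm: it takes a constructed package.json (using the real `overrides` syntax, including the nested `"parent": { "pkg": "version" }` form) and a constructed `packages` map in the shape of an npm lockfileVersion 2/3 `package-lock.json`, reports every package present in more than one version, and lists each install that violates an override. The package names and versions are made up for illustration, and the nested-override check is a simplification that only inspects a package installed directly under the named parent.

```javascript
// Added example (not from the original article or from npm): audit an npm
// lockfile "packages" map for duplicate versions and for unhonoured
// overrides. Data below is constructed; only the lockfile key shape
// ("node_modules/a/node_modules/b") and the overrides syntax are real npm.

// Constructed package.json: pin minimist everywhere, tough-cookie only under request.
const packageJson = {
  name: "example-app",
  overrides: {
    "minimist": "1.2.8",
    "request": { "tough-cookie": "4.1.3" }
  }
};

// Constructed package-lock.json "packages" map (lockfileVersion 3 shape).
const lockPackages = {
  "": { name: "example-app" },
  "node_modules/minimist": { version: "1.2.8" },
  "node_modules/mkdirp": { version: "0.5.1", dependencies: { minimist: "0.0.8" } },
  "node_modules/mkdirp/node_modules/minimist": { version: "0.0.8" },
  "node_modules/request": { version: "2.88.2" },
  "node_modules/request/node_modules/tough-cookie": { version: "2.5.0" },
  "node_modules/tough-cookie": { version: "4.1.3" }
};

// Package name from a lockfile path: everything after the last "node_modules/"
// (this keeps scoped names such as "@scope/pkg" intact).
function nameFromPath(lockPath) {
  const idx = lockPath.lastIndexOf("node_modules/");
  return idx === -1 ? null : lockPath.slice(idx + "node_modules/".length);
}

// Name of the package a nested install sits under, or null for top-level installs.
function parentFromPath(lockPath) {
  const idx = lockPath.lastIndexOf("/node_modules/");
  return idx === -1 ? null : nameFromPath(lockPath.slice(0, idx));
}

// Returns { name: [sorted versions] } for every package installed in more than one version.
function findDuplicates(packages) {
  const versions = new Map();
  for (const [lockPath, meta] of Object.entries(packages)) {
    const name = nameFromPath(lockPath);
    if (!name || !meta.version) continue; // skips the "" root entry
    if (!versions.has(name)) versions.set(name, new Set());
    versions.get(name).add(meta.version);
  }
  const duplicates = {};
  for (const [name, set] of versions) {
    if (set.size > 1) duplicates[name] = [...set].sort();
  }
  return duplicates;
}

// Returns one violation per install whose version differs from the override that
// applies to it. A plain "pkg": "x.y.z" override applies to every install of pkg;
// a nested "parent": { "pkg": "x.y.z" } override is checked here only for installs
// of pkg directly under parent (simplification of npm's tree-wide semantics).
function checkOverrides(overrides, packages) {
  const violations = [];
  for (const [lockPath, meta] of Object.entries(packages)) {
    const name = nameFromPath(lockPath);
    if (!name || !meta.version) continue;
    const parent = parentFromPath(lockPath);
    let expected = null;
    if (typeof overrides[name] === "string") expected = overrides[name];
    if (parent && overrides[parent] && typeof overrides[parent] === "object" &&
        typeof overrides[parent][name] === "string") {
      expected = overrides[parent][name];
    }
    if (expected !== null && meta.version !== expected) {
      violations.push({ path: lockPath, installed: meta.version, expected });
    }
  }
  return violations;
}

// Combined report, suitable for a post-update check in CI.
function auditLockfile(pkgJson, packages) {
  return {
    duplicates: findDuplicates(packages),
    violations: checkOverrides(pkgJson.overrides || {}, packages)
  };
}

console.log(JSON.stringify(auditLockfile(packageJson, lockPackages), null, 2));
```

On the constructed data the report flags minimist and tough-cookie as duplicated and lists two violations: the copy of minimist nested under mkdirp (0.0.8 instead of 1.2.8) and the copy of tough-cookie nested under request (2.5.0 instead of 4.1.3). To run it against a real project, replace the two constructed objects with `JSON.parse` of the project's package.json and the `packages` member of its package-lock.json; a non-empty `violations` array after an automated update is the signal that the tool did not apply your overrides and the project should not ship until you re-run `npm install` and re-check.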
Table of Contents
- Manual override in package.json
- Utilizing npm’s npm-force-resolutions
- Using npm dedupe (deduplicate)
- Automation with npm-check-updates or yarn-upgrade-all
- npm users
- yarn users
- Testing and documentation for changes
- Best practices for management