Skip to content

Commit

Permalink
Remove dev-dependency on npm-check-updates. (#959)
Browse files Browse the repository at this point in the history
It appears that the intention of including `npm-check-updates` in this
repository was to provide an easy way to update dependent packages from the
console.  This was originally introduced in [Ref 0].

Unfortunately, the `npm-check-updates` package has an explicit dependency on
`npm@3`, which means that it includes the entire `npm` in its
`node_modules`.

I originally observed this when analyzing the test failures in [Ref 1] and
[Ref 2] which indicated (in its npm error) that the npm version was v3.10.10.

The explanation for this is relatively straight-forward: Older versions of
npm uses an nested tree of `node_modules` directories while newer versions
hoist `node_modules` (i.e. flatten) to the highest location possible and
only nesting dependencies to meet conflicting version constraints.

Unfortunately, that means that once `npm@3` was installed by the newer
`npm@5` as a dependency of `npm-check-updates`, it was hoisted to the
top-level `node_modules` directory, exposing `npm@3` to `npm-scripts` which
directly call `npm` commands on the nested packages, as is done on this
monorepo (with, for example the `postinstall` script which runs `npm run
compile` in each of the server middleware packages). :face_palm:

Overall, this package doesn't seem to provide enough value for us to
continue to include it, especially since we have Renovate - coupled with the
same information being available from `npm outdated` and `npm update`
commands.  I'm not sure why we would want to install newer versions than our
"package.json" allows.

Futhermore, looking at the issue tracker on `npm-check-updates`, I'm
assuming this is the reason I've seen "`dezalgo`" install errors [Ref 3] on
this repository recently and _possibly_ even a bizarrely corrupted npm cache
I encountered recently (though admittedly, that could be a stretch).

See also: [Ref 4].

[Ref 0]: d7ca07f7
[Ref 1]: https://circleci.com/gh/apollographql/apollo-server/1915
[Ref 2]: https://app.netlify.com/sites/apollo-server-docs/deploys/5acdd3b7
[Ref 3]: raineorshine/npm-check-updates#420
[Ref 4]: raineorshine/npm-check-updates#423
  • Loading branch information
abernix authored Apr 17, 2018
1 parent 0261870 commit 0c6b1bd
Showing 1 changed file with 0 additions and 1 deletion.
1 change: 0 additions & 1 deletion package.json
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,6 @@
"lerna": "2.10.2",
"lint-staged": "6.1.1",
"mocha": "5.0.4",
"npm-check-updates": "2.14.1",
"prettier": "1.12.1",
"prettier-check": "2.0.0",
"remap-istanbul": "0.11.0",
Expand Down

0 comments on commit 0c6b1bd

Please sign in to comment.