When possible, I prefer to upgrade dependencies incrementally rather than making several version jumps. So, we try not to go from React 16 to 19. We go from 16 to 17, then to 18, and finally to 19. The Risks of Jumping Multiple Versions It’s very tempting to jump to the latest release. It feels like time travel; putting your application on the latest in the fewest number of steps. What’s not to like? ...
A policy I favor with dependency management: go forward. Going backward is an exception that we must plan to remedy. Example Consider a CVE in a dependency at version 5.0 (v5.0). We’re advised that v6.0 and v4.0 are safe. Which way should we go, forward or backward? We want to default to forward. Even if we’ve been on v4.0 before and know it is compatible. Even if we aren’t sure that v6.0 is “solid” or if it takes some code changes to implement. ...
Permanently forking a library is something I’ve observed on several teams. But, there are tradeoffs that aren’t always obvious. ...
Unused dependencies are bad: they increase the size of your project, slow down your processes, require upgrades, and send incorrect messages to fellow developers about what’s important. Make your project better by periodically auditing your dependencies, and removing those that are unused. ...
My current favorite command line alias is mgrim, composed of four other aliases. Here’s what it is, and what it does. ...