DEV Community

Discussion on: What's confusing you about npm?

Myzel394

Didn't answer the question and link doesn't work.

Alex Zherdev Author • Edited

Ah, thanks for the heads-up, fixed.

As far as the question, honestly it's not something that can be properly answered in a comment—and it wasn't the intention of the post, I'm sorry if that wasn't clear. I hate to sound so vague, but I literally had to make a 1.5-hr-long internal presentation to gradually build up the understanding of this exact situation. Part of the reason I'm doing this research is to understand if I can put together a larger-format thing that'd be publicly available and help answer those questions in something more than a "yes/no" manner.

In this particular case, the package manager may be able to deduplicate two versions of the dependency if their ranges are compatible, in which case only one copy of the library will be included into the bundle. The overall interplay between what a package manager does, and what a bundler does, is more interesting though IMO, and is a much broader subject.

Marc Bernstein

Great points - I think that is where a lot of confusion originates for me. Where the responsibility of npm ends and the bundler begins.

Marc Bernstein

Let's factor out the bundler portion. How would node handle this? Are all shared transient dependencies listed in the top level node_modules?

Alex Zherdev Author

Generally yes, however it's not guaranteed.

The way I see it, the contract between node and npm (and other package managers) is the resolution algorithm. Whereby the code may contain require statements like require('foo'). Then npm allows you to say, I depend on foo at version ^1.2.3. The guarantee npm provides, then, is that a copy of foo compatible with the ^1.2.3 range will be found in some location where the resolution algorithm will find it. That location may differ between versions of npm, yarn, and will definitely be something totally out of this world under pnpm 😀

I believe all but the earliest versions of npm have tried to flatten the tree as much as possible, so deep dependencies are hoisted to the top as much as possible. However I never recommend relying on that because of the above and because it leads to other bad practices like failing to specify your dependencies in your package.json.
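Added example, not part of the thread and not code from npm or Node: a simplified sketch of the node_modules lookup walk discussed above, used to flag packages that resolve only because they were hoisted and are not declared in package.json. The project layout and the names app, foo and bar are constructed, and the lookup checks only for a package.json rather than implementing Node's full file and directory resolution.

```javascript
const fs = require('fs');
const os = require('os');
const path = require('path');

// Directories searched for a bare specifier such as require('foo'):
// <dir>/node_modules for each directory from fromDir up to the filesystem root.
function lookupDirs(fromDir) {
  const dirs = [];
  let dir = path.resolve(fromDir);
  for (;;) {
    if (path.basename(dir) !== 'node_modules') dirs.push(path.join(dir, 'node_modules'));
    const parent = path.dirname(dir);
    if (parent === dir) return dirs;
    dir = parent;
  }
}

// First directory on the lookup path where `name` is installed, or null.
function findPackage(name, fromDir) {
  for (const d of lookupDirs(fromDir)) {
    if (fs.existsSync(path.join(d, name, 'package.json'))) return path.join(d, name);
  }
  return null;
}

// Names that resolve from pkgDir although its package.json does not declare them.
function phantomDeps(pkgDir, requiredNames) {
  const pkg = JSON.parse(fs.readFileSync(path.join(pkgDir, 'package.json'), 'utf8'));
  const declared = { ...pkg.dependencies, ...pkg.devDependencies,
    ...pkg.optionalDependencies, ...pkg.peerDependencies };
  return requiredNames.filter((n) => !(n in declared) && findPackage(n, pkgDir) !== null);
}

// Constructed layout: app declares only foo; foo's dependency bar was hoisted.
function buildSample() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'hoist-'));
  const write = (rel, obj) => {
    const file = path.join(root, rel);
    fs.mkdirSync(path.dirname(file), { recursive: true });
    fs.writeFileSync(file, JSON.stringify(obj));
  };
  write('package.json', { name: 'app', dependencies: { foo: '^1.2.3' } });
  write('node_modules/foo/package.json', { name: 'foo', version: '1.2.3', dependencies: { bar: '^2.0.0' } });
  write('node_modules/bar/package.json', { name: 'bar', version: '2.0.0' });
  return root;
}

const sampleRoot = buildSample();
console.log(phantomDeps(sampleRoot, ['foo', 'bar']));
```

In the sample, bar resolves from the app only because of where the package manager placed it, which is the reliance on hoisting that the comment above advises against.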

Marc Bernstein

This is a great overview! Related talk: youtube.com/watch?v=4lUzKhq3C-M