DEV Community

loading...

Discussion on: How do you approach adding new npm dependencies to a project?

Collapse
sumstrm profile image
Andreas Sommarström Author

Thanks for sharing! Do you put any value in stats like weekly downloads or when the package was last updated? Or do you feel like you already know enough of the dependency already to trust it?

Collapse
yoursunny profile image
Junxiao Shi

I have many "10 weekly downloads" dependencies, but I do consider update date and GitHub issues list. If the package is not being maintained and issues are piling up, I'm less likely to use it.
Or I would send pull requests for issues that affect me, and start publishing a fork if owner doesn't merge or otherwise fix the issues in 3 months. Example: npmjs.com/package/@yoursunny/mole-rpc - and NPM gets one more "10 weekly downloads" package, because I'm no longer using it myself.

Thread Thread
sumstrm profile image
Andreas Sommarström Author

Thanks again for elaborating. Considering the update date and GitHub issues list are great examples of making an informed and intentional decision on dependencies.