<onWebFocus />

Knowledge is only real when shared.

Updating Dependencies

October 11, 2021

How and why to update dependencies regularly.

As mentioned in a previous post about Versioning, npm packages come with built-in recommendations for versioning so developers know how to update those packages. This post will highlight what to look for and how to make regular updates as easy as possible.

Regularly updating is one of the most important programming practices. Failing to update will introduce technical debt and will make it harder and harder to work on the codebase as time passes.

The Tools

Running npx npm-check-updates -u will automatically update all dependencies listed in package.json, upgrading every package to the latest version. Without the -u flag the command only lists the available upgrades. Ranges like ^ or ~ do not limit the upgrade, as they only apply when installing the package.

This only updates the versions listed in package.json; the actual source files have to be reinstalled with npm install.

Testing

Once the new dependencies have been installed, it's important to make sure the code works together with them by running tests or manually taking a look at the software.

Breaking Changes

Dependencies with major version jumps like 1.2.3 → 2.2.5 include breaking changes which might require a change in the code base being updated. A look at the changelog for the release on GitHub will quickly show the relevant changes and whether they apply to the code base being updated.
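One way to find the major version jumps described above is to compare package.json before and after the update; this is an added example, not code from the original post. The before/after objects are constructed sample data, the function names are hypothetical, and flagging minor bumps of 0.x packages goes beyond the text (semver allows breaking changes in any 0.x release).

```javascript
// Constructed sample data: package.json before and after the update.
const before = {
  dependencies: { react: "^17.0.2", lodash: "~4.17.20" },
  devDependencies: { jest: "^26.6.3", "tiny-lib": "^0.4.1" },
};
const after = {
  dependencies: { react: "^17.0.2", lodash: "~4.17.21" },
  devDependencies: { jest: "^27.2.5", "tiny-lib": "^0.5.0" },
};

// Drop a leading range operator (^, ~, >=, ...) and return [major, minor, patch].
// Returns null for tags, URLs, git refs or "*", which cannot be compared here.
function parseVersion(range) {
  const m = /^[\^~><= ]*v?(\d+)\.(\d+)\.(\d+)/.exec(range);
  return m ? m.slice(1, 4).map(Number) : null;
}

function classifyBump(oldRange, newRange) {
  const a = parseVersion(oldRange);
  const b = parseVersion(newRange);
  if (!a || !b) return "unparsed";
  if (a.join(".") === b.join(".")) return "unchanged";
  if (a[0] !== b[0]) return "major";
  // Assumption beyond the post: a 0.x minor bump may break like a major one.
  if (a[1] !== b[1]) return a[0] === 0 ? "0.x-minor" : "minor";
  return "patch";
}

// Map of package name -> { from, to, kind } for everything that changed.
function diffDependencies(oldPkg, newPkg) {
  const report = {};
  for (const field of ["dependencies", "devDependencies"]) {
    const oldDeps = oldPkg[field] || {};
    const newDeps = newPkg[field] || {};
    for (const [name, to] of Object.entries(newDeps)) {
      const from = oldDeps[name];
      const kind = from === undefined ? "added" : classifyBump(from, to);
      if (kind !== "unchanged") report[name] = { from, to, kind };
    }
  }
  return report;
}

const report = diffDependencies(before, after);
for (const [name, r] of Object.entries(report)) {
  // "major" and "0.x-minor" are the entries whose changelog should be read.
  console.log(`${r.kind.padEnd(10)} ${name}: ${r.from} -> ${r.to}`);
}
```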

Incompatibilities

Sometimes a specific package cannot be updated because other dependencies have yet to update in order to achieve compatibility. In these cases it's best not to update that package yet, but to keep waiting and checking whether the other packages get updated or whether there are any workarounds.

The Most Important Reason to Update

Updating all the time can be a drag, and sometimes significant effort is required to migrate breaking changes. All of this pain is well worth it though. Why that is so can really only be seen when not updating for a longer time. Due to multiple factors it will sooner rather than later become impossible to update the codebase. Impossible in the sense that a full rewrite will look more appealing, even though a full rewrite loses all of the effort buried deep in the codebase and the effort to achieve even a minimal result will be immense. This is one of the reasons why old companies that are unable to innovate and update sometimes get outcompeted by small startups with far fewer resources available. Were the old companies up-to-date, small competitors wouldn't stand a chance, as the established companies could quickly react to changes.