Modern package managers support an option to deduplicate dependencies:
npm dedupe or npm install --prefer-dedupeyarn dedupepnpm dedupeIs it recommended to use them to avoid different versions of the same library bundled with the app? Or is this achieved differently?
I’m not an expert when it comes to package managers to be honest. Would like to understand the trade-offs and learn what is considered best practice.
Is it recommended to use them to avoid different versions of the same library bundled with the app? Or is this achieved differently?
It is! I personally consider the need to do this, however, a bug in each of the respective package managers, because it should be default, imo.
embroider, which is very strict about dependency graphs being correct (because we don’t want to ship duplicate dependencies to our users), will print some errors about incorrectly resolved peers, and point folks at this documentation, which would be good background information for everyone: https://github.com/embroider-build/embroider/blob/main/docs/peer-dependency-resolution-issues.md
This document describes a few scenarios in which a dep graph can get messed up, so hopefully it helps folks understand what’s going on! (and if not, please open issues on the embroider repo, so we can add clarity!)