I have a question about best practices in managing npm nested dependencies.
Let me explain my situation, and please tell me what I'm doing wrong, or what's the best way to approach this.
I'm running an app using express.js and express-mongostore in a nodeenv. Because of nodeenv, I'm npm-ing everything globally so they all go under the nenv/lib/node_modules folder. The thing is, I'm trying to develop off bleeding edge express.js while express-mongostore hasn't been updated in a while. After installing both modules, I get this folder structure.
nodeenv/lib/node_modules/express/node_modules/connect/...
nodeenv/lib/node_modules/connect-mongodb/node_modules/connect/...
So what ends up happening is that I have 2 different versions of connect.
I got burnt because the cookie generated by the mongodb store and the one generated by the session middleware are different because they point to 2 different connect utils implementations (one calls the store which calls utils and the other calls utils directly. Unfortunately, they point to different files during require resolution). The actual difference here is that they sign the cookie using different algorithms. For a while, my sessions were invalidating themselves every page load and it took me a long while to debug down to this level.
I was reading on the Internets and it seems like this is supposed to be the npm way and a good thing. The issue here is that since express relies on a bunch of utils in connect and connect-mongodb inherits some of the same classes in connect, having them be different repos is problematic.
I currently still have 2 versions of connect and I patched one to be like the other. It is obvious that this is not a sustainable solution. How should I proceed and approach dependency management in this case?
Thanks in advance!