npm nested dependency management

Posted 2019-06-18 16:03

Question:

I have a question about best practices in managing npm nested dependencies.

Let me explain my situation, and please tell me what I'm doing wrong, or what's the best way to approach this.

I'm running an app using express.js and express-mongostore in a nodeenv. Because of nodeenv, I'm npm-ing everything globally so they all go under the nenv/lib/node_modules folder. The thing is, I'm trying to develop off bleeding edge express.js while express-mongostore hasn't been updated in a while. After installing both modules, I get this folder structure.

nodeenv / lib / node_modules / express / node_modules / connect / ..
                             /
                             / connect-mongodb / node_modules/ connect / ...

So what ends up happening is that I have 2 different versions of connect.

I got burnt because the cookie generated by the mongodb store and the one generated by the session middleware are different because they point to 2 different connect utils implementations (one calls the store, which calls utils, and the other calls utils directly. Unfortunately, they point to different files during require resolution). The actual difference here is that they sign the cookie using different algorithms. For a while, my sessions were invalidating themselves every page load and it took me a long while to debug down to this level.

I was reading on the Internets and it seems like this is supposed to be the npm way and a good thing. The issue here is that since express relies on a bunch of utils in connect and connect-mongodb inherits some of the same classes in connect, having them be different repos is problematic.

I currently still have 2 versions of connect and I patched one to be like the other. It is obvious that this is not a sustainable solution. How should I proceed and approach dependency management in this case?

Thanks in advance!

Answer 1:

You can run npm dedupe to move compatible dependencies up the tree. So, assuming that express and connect-mongodb can work with the same version of connect, you'll end up with a tree like this:

nodeenv / lib / node_modules / express / ... 
                             /
                             / connect-mongodb / ...
                             /
                             / connect / ...
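
An added example, not part of either answer or of npm itself: a Node.js script that walks a node_modules tree and lists every installed copy of a package by version, so the duplicate-connect situation from the question can be checked before and after running npm dedupe. The function names and the sample tree's version numbers are assumptions made for illustration.

```javascript
const fs = require('fs');
const os = require('os');
const path = require('path');

// Collect { dir, version } for every installed copy of `name` below a node_modules dir.
// Symlinked entries are skipped (Dirent.isDirectory() is false for them), avoiding cycles.
function findCopies(nodeModulesDir, name, found = []) {
  if (!fs.existsSync(nodeModulesDir)) return found;
  for (const entry of fs.readdirSync(nodeModulesDir, { withFileTypes: true })) {
    if (!entry.isDirectory() || entry.name.startsWith('.')) continue;
    const pkgDir = path.join(nodeModulesDir, entry.name);
    if (entry.name.startsWith('@')) { // scope folder: its children are the packages
      findCopies(pkgDir, name, found);
      continue;
    }
    const manifest = path.join(pkgDir, 'package.json');
    if (fs.existsSync(manifest)) {
      const pkg = JSON.parse(fs.readFileSync(manifest, 'utf8'));
      if (pkg.name === name) found.push({ dir: pkgDir, version: pkg.version });
    }
    findCopies(path.join(pkgDir, 'node_modules'), name, found); // nested dependencies
  }
  return found;
}

// Group copies by version. More than one key means two modules that both
// require(name) can load different code, as happened with connect in the question.
function versionsOf(copies) {
  const byVersion = {};
  for (const { dir, version } of copies) {
    (byVersion[version] = byVersion[version] || []).push(dir);
  }
  return byVersion;
}

// Constructed sample tree with the question's layout; the version numbers are made up.
function buildSampleTree() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'nested-deps-'));
  const put = (rel, name, version) => {
    const dir = path.join(root, 'node_modules', rel);
    fs.mkdirSync(dir, { recursive: true });
    fs.writeFileSync(path.join(dir, 'package.json'), JSON.stringify({ name, version }));
  };
  put('express', 'express', '0.0.2');
  put('express/node_modules/connect', 'connect', '0.0.2');
  put('connect-mongodb', 'connect-mongodb', '0.0.1');
  put('connect-mongodb/node_modules/connect', 'connect', '0.0.1');
  return path.join(root, 'node_modules');
}

console.log(versionsOf(findCopies(buildSampleTree(), 'connect')));
```

To audit a real install, pass the path of its node_modules folder to findCopies in place of buildSampleTree().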


Answer 2:

You're experiencing a fundamental incompatibility between two modules which assume they can cooperate with one another.

This is no fault of NPM or flaw in its design. You will need to solve the logic issue yourself.