I noticed that in my normal dev workflow, I often (sometimes) run into the following problem:
- pull changes from github
- run build tool, for example
grunt - get cryptic errors
- blame someone for breaking the build
- find out that someone just added a dependency / updated a version (that's a tricky one to find)
- run
npm installand everything works after that
This lead to me thinking: can grunt check if I have the correct dependencies installed automatically as part of the build?
I looked around and found a few plugins that do this, for example
grunt-check-modules.
Unfortunately, they all seem to be wrappers around npm ls command.
The problem with that command is that it checks the entire dependency tree = slow.
On a typical project it takes 5-10 seconds, which adds significantly to the build time.
I want to check the dependencies very quickly as part of the default task.
The key shortcut is that we only need to really worry about two cases:
- new dependencies have been added to the package.json and missing from the local node_modules folder.
- an existing dependency has been bumped to newer version and needs to be reinstalled.
So I wrote deps-ok and a grunt
plugin grunt-deps-ok to check missing folders and version
compatibility for npm modules. As long as installed version is greater or equal to declared, it is ok. If a check fails, it just suggests to run npm install.
version numbers
I used semver to compare package version numbers. This works great as long as
you have valid versions for your dependencies 1.2.0, 2.8.0, etc. Please do not use * or latest, this
is a bad practice in general and would not work with deps-ok.
The same approach might be easy to extend to bower dependencies, feel free to try and let me know.