Explore a real-world case study of a mysteriously disappearing NPM dependency in this 23-minute conference talk. Trace the investigation from an internal repository issue to an unexpected change in a popular open-source library. Learn valuable best practices for development teams and open-source maintainers to ensure stable, successful, and policy-compliant JavaScript build pipelines. Discover the importance of lock files, proper NPM versioning, and using 'npm ci' in builds. Gain insights into package maintenance best practices and understand how seemingly unrelated changes can impact your project's dependency tree. Equip yourself with knowledge to prevent similar scenarios and maintain robust JavaScript development workflows.
Builds Today, Breaks Tomorrow: The Mystery of the Disappearing NPM Dependency
Overview
Syllabus
Hi! I'm Bella Wiseman
How Goldman Sachs Uses GatsbyJS
Open Source Licenses
Dependency Tree
What Changed? Nothing!
NPM Versioning
Mystery solved!
Don't be taken by surprise
Lock files!
Use npm ci in your builds
A Comparison
Fix the underlying issue
Package Maintenance Best Practices
About Goldman Sachs Engineering
Questions?
Taught by
Linux Foundation
