This document describes methodology & tips for keeping our JS dependencies up-to-date. It assumes we are using classic yarn
over npm
.
Using an automated tool such as Dependabot or Renovatebot can help streamline updates, but there is no substitute for having a reasonable understanding of what our dependencies are, and why we have them.
First of all, it's useful to know the syntax of the package.json
1 and yarn.lock
files. Understanding how to read these can be extremely helpful when trying to determine what version of a dependency is being installed, and to debug potential issues.