If you want to keep your project secure, fast and able to enjoy the latest features of all your dependencies, it's important to keep them regularly up to date.

I suggest updating them once every month, or at least once every 2 months. By doing so, you'll face fewer breaking changes at the same time and keep better control of the changes you introduce.

About safety, you can find in this very good article what can happen if your dependencies are not updated when a security issue is found and fixed. To avoid this, yarn and npm both have a CLI command that shows you which of the dependencies you're using are not up to date with their latest security patches: `yarn audit` or `npm audit`. And finally, this page contains the list of the latest security advisories.

So the first step is to check whether your dependencies are really used. What are they used for? Do you really need them? Are they correctly split between `dependencies` and `devDependencies`? This may sound a bit obvious, but if you're working on a project that you didn't initialize, or where people were free to add dependencies, I'm pretty sure you don't have full control of what you're using. Just remove the unused ones by running `yarn remove your-dependency`.

Then, you can check whether you really need a dependency for the use you're making of it. For example, in one of my clients' projects, I found that we had installed a big dependency and were using only one function of it. So instead of keeping it up to date and having it included in our final bundle, I simply removed it and recreated the function we needed directly in the project!

# What are the changes?