
Dependency Management
Sean Preston
What you’ll learn today…
1. Learn how we can improve our development environment by using
dependency management tools.
What is dependency management?
• A dependency is a piece of software or code (normally, third-party) that
a system depends upon in order for it to operate.

• For example, our current news website has Bootstrap as a dependency.

• The problem with adding lots of dependencies is that they each need
maintaining and updating. Dependency management tools help to make
this easier.
Is adding more dependencies a bad thing?
• Yes and no! You’ve probably heard of the phrase “don’t recreate the
wheel”. This is especially true in web development.

• Some external libraries and frameworks have had hundreds of developers
collaborate on their development over many years. Why do you think
you could do a better job? Also, is it even worth trying?

• However, it’s important to note that every new dependency could
become a security risk in the future. So removing any unnecessary
dependencies is normally good practice.
A world without Dependency Management
• Imagine you have an application that connects and stores data in the
Google Cloud. To access this data you add the Google Cloud Library to your
application. This library itself has 10 different dependencies (it actually has
a lot more!)

• Now, if one of the dependencies the Google Cloud library relies on is
updated (let’s assume for security reasons) we would likely have to update
that package and the Google Cloud package.

• We might have our own systems which depend upon the Google Cloud
library and this would make things even more complicated!
A world with Dependency Management
• Dependency Management tools allow us to very quickly update any
dependencies our web applications have. If the dependency itself
relies upon a different version of a sub-dependency this is also
updated.

• So, instead of updating many dependencies manually we just need to
run one command!
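
The lockfile a dependency management tool writes records the whole dependency tree, so "which of our dependencies rely on the package that just had a security update?" can be answered by walking it. The following is an added example, not part of the original slides: it assumes npm's package-lock.json v2/v3 `packages` layout, and the sample lockfile, the package names in it, and the helper names `resolve`, `chainsTo` and `affectedDirect` are all constructed for illustration.

```javascript
// Constructed package-lock.json (v2/v3 "packages" layout); every name is hypothetical.
const lock = { packages: {
  "": { dependencies: { "cloud-lib": "^2.0.0", "ui-kit": "^4.0.0" } },
  "node_modules/cloud-lib": { version: "2.1.0",
    dependencies: { "http-client": "^1.0.0", "auth-helper": "^3.0.0" } },
  "node_modules/auth-helper": { version: "3.2.0", dependencies: { "http-client": "^1.0.0" } },
  "node_modules/http-client": { version: "1.4.0", dependencies: { "url-parse-lite": "^0.9.0" } },
  "node_modules/url-parse-lite": { version: "0.9.1" },
  "node_modules/ui-kit": { version: "4.6.1" },
} };

// Resolve a dependency name as Node does: nearest node_modules first, then walk up.
function resolve(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!base) return null; // reached the project root without finding it
    const cut = base.lastIndexOf("/node_modules/");
    base = cut === -1 ? "" : base.slice(0, cut);
  }
}

// Return every chain of packages leading from the project root to `target`.
function chainsTo(lockfile, target) {
  const packages = lockfile.packages;
  const chains = [];
  const walk = (path, trail, seen) => {
    for (const name of Object.keys(packages[path].dependencies || {})) {
      const next = resolve(packages, path, name);
      if (!next || seen.has(next)) continue; // not installed, or a cycle
      const step = trail.concat(name + "@" + packages[next].version);
      if (name === target) chains.push(step.join(" > "));
      else walk(next, step, new Set(seen).add(next));
    }
  };
  walk("", [], new Set([""]));
  return chains;
}

// Direct dependencies to re-test when `target` receives a security update.
function affectedDirect(lockfile, target) {
  return [...new Set(chainsTo(lockfile, target).map((c) => c.split(" > ")[0]))];
}

console.log(chainsTo(lock, "url-parse-lite"), affectedDirect(lock, "url-parse-lite"));
```
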
Dependency Management Tools
• There are different Dependency Management Tools for front-end and
back-end systems (although, they can sometimes overlap).

• We will cover back-end dependency management next year. For now,
let’s focus on Front-End Dependency Management…
NPM
• NPM is the world’s largest software registry. You can access it at
https://www.npmjs.com/.

• The registry contains over 800,000 code packages.

• The registry can be used to store both private and public packages.

• Most (if not nearly all) open source projects are stored on NPM.
NPM – the problem
• The problem with NPM is that up until an update in 2017 it was
incredibly slow compared to alternative dependency management
tools.

• These performance issues led to the development of Yarn, an NPM
alternative…

• In the industry we now have a split between developers who use
NPM and those that use Yarn. Today, Yarn is still faster.
What is Yarn?
• It’s a JavaScript Package Manager (like NPM)

• Created by Facebook

• Fast & reliable alternative to NPM

• Similar syntax & functionality to NPM

• Installs packages from the NPM registry


Once you have completed the activities in a lesson you should work on your assignment

Activities
