I see that my friend is using latest in dependencies as follows:
{ "dependencies": { "somemodule": "latest" } }
I feel that this is kind of dangerous when I deploy my application in different environments (qa -> stage -> production), since this always pulls the latest version of the dependency module.
And how about if I have package-lock.json in my application directory? Will it help to put the same versions of the dependency modules as my local environment in all the different environments?
Can anyone help me to understand the good and bad of this?
1 solution
#1
0
This is a subjective situation and completely depends on your development and QA process. If you upgrade often and know exactly what breaking changes may happen then go for it.
Otherwise stick with one version until you want to upgrade, do some research on that version and implement accordingly.
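A check for the situation raised in the question, added here as an example that is not part of the original question or answer: it lists every dependency spec in a package.json that is not an exact version (such as "latest") and reports the version package-lock.json records for it, if any. The function names and the sample manifest and lockfile are constructed for illustration.

```javascript
// Added example: flag dependency specs that float (dist-tags such as "latest",
// "*", or semver ranges) and show what, if anything, the lockfile pins them to.
const EXACT = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/;
const SECTIONS = ["dependencies", "devDependencies", "optionalDependencies"];

// Classify one version spec string from package.json.
function classifySpec(spec) {
  if (EXACT.test(spec)) return "exact";
  if (spec === "*" || spec === "x" || spec === "") return "any";
  if (/^[a-z][a-z0-9._-]*$/i.test(spec)) return "dist-tag"; // "latest", "next"
  if (/^[\^~<>=\d]/.test(spec)) return "range";             // "^1.4.0", "1.x"
  return "other";                                           // git URLs, file: paths
}

// Look up the version recorded in package-lock.json.
// lockfileVersion 2/3 uses "packages"; lockfileVersion 1 uses "dependencies".
function lockedVersion(lock, name) {
  if (!lock) return null;
  const v2 = lock.packages && lock.packages[`node_modules/${name}`];
  const v1 = lock.dependencies && lock.dependencies[name];
  const entry = v2 || v1;
  return entry && entry.version ? entry.version : null;
}

// Return one finding per dependency whose spec is not an exact version.
function auditManifest(pkg, lock) {
  const findings = [];
  for (const section of SECTIONS) {
    for (const [name, spec] of Object.entries(pkg[section] || {})) {
      const kind = classifySpec(spec);
      if (kind === "exact") continue;
      findings.push({ section, name, spec, kind, locked: lockedVersion(lock, name) });
    }
  }
  return findings;
}

// Constructed sample input (not real packages or versions).
const samplePkg = { dependencies: { somemodule: "latest", pinned: "2.3.1", ranged: "^1.4.0" } };
const sampleLock = {
  lockfileVersion: 3,
  packages: { "": {}, "node_modules/somemodule": { version: "4.17.2" } },
};

for (const f of auditManifest(samplePkg, sampleLock)) {
  console.log(`${f.section}.${f.name}: "${f.spec}" (${f.kind}) -> ` +
    (f.locked ? `locked at ${f.locked}` : "not in lockfile; resolved at install time"));
}
```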