2

I have a website with the below dependencies. It's working fine, but I've been thinking for a while: will these packages remain supported by node? I read the legacy docs of the packages. So does it mean that node will not drop support for those dependencies?

 "dependencies": {
    "bcryptjs": "^2.4.3",
    "body-parser": "^1.17.2",
    "connect-flash": "^0.1.1",
    "express": "^4.15.3",
    "express-messages": "^1.0.1",
    "express-session": "^1.15.3",
    "express-validator": "^3.2.0",
    "mongoose": "^4.10.2",
    "passport": "^0.4.0",
    "passport-local": "^1.0.0",
    "pug": "^2.0.0-rc.1",
    "cookie-session": "^2.0.0-beta.3",
    "passport-google-oauth20": "^1.0.0"
  }

I wish to publish this site, so will it be possible to maintain it?

Grokify
mariappan .gameo
  • node doesn't contain "support for certain dependencies". A given package contains support for specific versions of node. So, it's up to the package developers what versions of node they will support. A given version of node will continue to work with a given version of a package forever. But, at some point, you will need to upgrade one or the other and then you will have to find a version of node and the package that are compatible with each other. That's on you to manage. – jfriend00 Jun 11 '18 at 04:11

1 Answer

2

Almost no project is maintained indefinitely, especially by the original publisher. Some exceptions are ones where a hobbyist community is formed.

Node.js is published by the Node.js Foundation and they do not support their software versions indefinitely. You can see an end-of-maintenance schedule and history on Wikipedia:

The libraries you mention may not be maintained by the Node.js Foundation so you will need to check with the maintainer for each library on their maintenance schedule. On NPM you can find contact information for each library via the "homepage" and "repository" links, for example, the following for Express:

In general, you should keep your software up to date with the latest dependencies, upgrading them when new versions become available. This may include major changes for major version upgrades, and migrating to another library if a library is deprecated.

Grokify
  • I disagree with your blanket statement that you should keep your software up to date with the latest dependencies, upgrading them when new versions become available. The answer is "it depends" upon what changed and whether you need or want that. Otherwise, upgrading for no specific reason just creates a lot of new testing burden and creates an opportunity to break things for no reason. – jfriend00 Jun 11 '18 at 04:14
  • It's not meant to be a blanket statement. I wrote "In general" to make the statement situational and allow for judgement. I thought a more in-depth discussion wasn't necessary here given the high level discussion. My experience is that people learn what is an appropriate level of staying up to date when they go through the process a few times. I'll look into either adding more information or linking to an existing discussion of the pros/cons of update velocity. – Grokify Jun 11 '18 at 04:30
  • Well, to most people, "in general" means "usually" or "most of the time" or "in most circumstances". That I disagree with. The testing burden alone is a nightmare to upgrade every time a module you're using is modified. – jfriend00 Jun 11 '18 at 04:36
  • Testing effort is also dependent on a few other things including the type of project. In my experience, testing is much harder to automate for front end than back end, and certainly most commercial projects require more testing than most hobby projects. – Grokify Jun 11 '18 at 04:59
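Added example, not part of the original question, answer or comments: a Node.js script that takes the manifest from the question and shows the first version each caret range excludes, so it is clear which upgrades can only happen through a deliberate edit to `package.json`. It assumes npm's documented caret semantics (the left-most non-zero component is fixed); the helper names are hypothetical.

```javascript
// Added example; the manifest is copied from the question, helper names are hypothetical.
const dependencies = {
  "bcryptjs": "^2.4.3",
  "body-parser": "^1.17.2",
  "connect-flash": "^0.1.1",
  "express": "^4.15.3",
  "express-messages": "^1.0.1",
  "express-session": "^1.15.3",
  "express-validator": "^3.2.0",
  "mongoose": "^4.10.2",
  "passport": "^0.4.0",
  "passport-local": "^1.0.0",
  "pug": "^2.0.0-rc.1",
  "cookie-session": "^2.0.0-beta.3",
  "passport-google-oauth20": "^1.0.0"
};

// Parse "^MAJOR.MINOR.PATCH[-prerelease]" into its components.
function parseCaret(range) {
  const m = /^\^(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?$/.exec(range);
  if (!m) throw new Error(`not a simple caret range: ${range}`);
  return { major: +m[1], minor: +m[2], patch: +m[3], prerelease: m[4] || null };
}

// Caret rule: the left-most non-zero component may not change.
function upperBound({ major, minor, patch }) {
  if (major > 0) return `${major + 1}.0.0`;
  if (minor > 0) return `0.${minor + 1}.0`;
  return `0.0.${patch + 1}`;
}

// For each dependency: the exclusive upper bound plus review notes.
function auditManifest(deps) {
  return Object.entries(deps).map(([name, range]) => {
    const v = parseCaret(range);
    const notes = [];
    if (v.prerelease) notes.push("range starts at a pre-release");
    if (v.major === 0) notes.push("0.x: minor bumps are outside the range");
    return { name, range, below: upperBound(v), notes };
  });
}

for (const r of auditManifest(dependencies)) {
  console.log(`${r.name.padEnd(24)} ${r.range.padEnd(16)} <${r.below}  ${r.notes.join("; ")}`);
}
```

Any release at or above the printed bound, including one that carries a security fix, is only picked up after the range in `package.json` is changed by hand.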