Dependency management in a large codebase is complicated. There are basically two options:
- Let each team / app own its own dependencies
- Centralize all dependencies for all teams / apps
I don’t know that there’s a right answer. It depends on your goals and what’s important to you. (s/you/the organization 🤷‍♂️) Let’s explore some of the pros and cons.
Independent dependencies
Independent…dependencies. Right. That makes sense. Next, you’ll talk about dependent independence, eh?
Don’t tempt me. 😜 For now, however, I’ll stick with independent dependencies. Specifically, I’m talking about when each application or library in the monorepo manages its own dependencies.
Pros
- Dependency updates can be performed incrementally if needed
- Adding new dependencies requires no additional approval process
  - Unless, of course, you want that, but then why aren’t you using centralized dependencies? 🤨
Cons
- Different versions of a dependency may proliferate
  - Think component library on React 16 with hooks, and application on React 14 without hooks
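One way to see how far versions have proliferated is to compare the ranges each workspace declares. The sketch below is an added example, not code from this post: the workspace paths, package names and manifests are constructed, and it compares declared ranges only, not the versions a lockfile actually resolves.

```javascript
// Constructed sample manifests (not from any real repo): one package.json
// per workspace, keyed by its path inside the monorepo.
// "React 14" is published on npm as 0.14.x.
const manifests = {
  "libs/components/package.json": {
    name: "components",
    peerDependencies: { react: "^16.8.0" },
    devDependencies: { react: "^16.8.0", jest: "^29.0.0" },
  },
  "apps/storefront/package.json": {
    name: "storefront",
    dependencies: { react: "^0.14.0", components: "1.0.0", lodash: "^4.17.21" },
    devDependencies: { jest: "^29.0.0" },
  },
  "apps/admin/package.json": {
    name: "admin",
    dependencies: { react: "^16.8.0", lodash: "^4.17.21" },
  },
};

const FIELDS = ["dependencies", "devDependencies", "peerDependencies", "optionalDependencies"];

// Map each dependency name to the version ranges declared for it and the
// manifests that declare each range.
function collectRanges(manifests) {
  const seen = new Map(); // name -> Map(range -> Set(path))
  for (const [path, manifest] of Object.entries(manifests)) {
    for (const field of FIELDS) {
      for (const [name, range] of Object.entries(manifest[field] || {})) {
        if (!seen.has(name)) seen.set(name, new Map());
        const byRange = seen.get(name);
        if (!byRange.has(range)) byRange.set(range, new Set());
        byRange.get(range).add(path);
      }
    }
  }
  return seen;
}

// Return only the dependencies declared with more than one distinct range.
function findVersionDrift(manifests) {
  const drift = {};
  for (const [name, byRange] of collectRanges(manifests)) {
    if (byRange.size < 2) continue;
    drift[name] = {};
    for (const [range, paths] of byRange) drift[name][range] = [...paths].sort();
  }
  return drift;
}

console.log(JSON.stringify(findVersionDrift(manifests), null, 2));
```

Run in CI, a non-empty result can fail the build or open a ticket for the owning team, which keeps the independent model from silently leaving old versions unpatched.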
Choose this option when…
- You trust your teams to stay up-to-date with their dependencies
- All apps and libraries have a team responsible for them
  - This can be either the team developing on it, or a team responsible for maintenance of projects with no owners
Centralized dependencies
Pros
- The same version of a dependency is used throughout the codebase
Cons
- Updating versions can be painful