Automate peer dependency management
With npm@v7, you no longer have to install peer dependencies. This feature removed a huge maintenance burden for our documentation sites at Mapbox. Through strategic use of peer dependencies and dependabot, we’ve significantly reduced our dependency maintenance.
To keep all site repositories consistent, we have configuration packages for prettier. To support each configuration, we must install devDependencies (such as lint-staged) to make them work. In total, we maintain over 20 dependencies in each repository to support our configuration packages, which adds up across 18 repositories.
Managing peer dependencies
With npm@7, npm will automatically install whatever peerDependencies you define in package.json. For us, this eliminates our need to manually maintain about 20 packages in each repository.
Our workflow looks like this:
peerDependencies in each configuration package. We moved all the devDependencies that are required to allow the configuration to run as peerDependencies in package.json in our configuration packages.
Automatically update peer dependencies with dependabot. Each configuration package’s repository has a dependabot workflow to check weekly or monthly for updates (depending on the package). This helps keep the peerDependencies up-to-date on an automated schedule.
Automatically install peer dependencies in each site. In each site repository, we updated the configuration package and removed the now redundant developer dependencies. Since we saved peerDependencies in the first step, npm will automatically install peer dependencies to site repository’s
Automatically update dependencies with dependabot in each site. Each site repository has a dependabot workflow that checks daily for updates to each of the three configuration packages. This means that as soon as we release a new version of a configuration package, within one day dependabot will open a pull request in all 18 repositories with the version bump.
If a site repository needs a bump sooner than our workflows will allow, we can force install dependencies (--force). It’s nice to have an approachable workaround to fix problems fast.
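The cleanup in the third step can be checked mechanically. The following is an added example, not Mapbox's own tooling: a small Node.js function that compares a site repository's devDependencies with the peerDependencies of the configuration packages it uses. The package names, versions and the auditSite helper are constructed for illustration.

```javascript
// Constructed package.json of a hypothetical configuration package.
const configPkg = {
  name: "@example/prettier-config",
  peerDependencies: {
    prettier: "^2.3.0",
    "lint-staged": "^11.0.0",
    husky: "^7.0.0",
  },
};

// Constructed package.json of a hypothetical site repository.
const sitePkg = {
  name: "example-docs-site",
  devDependencies: {
    "@example/prettier-config": "^2.0.0",
    prettier: "^2.3.0",
    "lint-staged": "^10.5.4",
    jest: "^27.0.0",
  },
};

// Compare a site's devDependencies with the peerDependencies of the
// configuration packages it uses. Ranges are compared as plain strings;
// this does not perform semver resolution.
function auditSite(site, configs) {
  const dev = site.devDependencies || {};
  const report = { redundant: [], mismatched: [], unusedConfigs: [] };
  for (const cfg of configs) {
    if (!(cfg.name in dev)) {
      report.unusedConfigs.push(cfg.name); // site does not depend on this config
      continue;
    }
    for (const [name, peerRange] of Object.entries(cfg.peerDependencies || {})) {
      if (!(name in dev)) continue; // already left to npm to install
      const entry = { name, siteRange: dev[name], peerRange, from: cfg.name };
      // Same range: the site's own entry is a candidate for removal.
      // Different range: the site pins something else, so review it first.
      (dev[name] === peerRange ? report.redundant : report.mismatched).push(entry);
    }
  }
  return report;
}

console.log(JSON.stringify(auditSite(sitePkg, [configPkg]), null, 2));
```

Entries under mismatched are the ones to reconcile in the site's package.json before falling back to --force.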
Leave it to the bots
A good number of our dependencies are now maintained on a schedule thanks to dependabot and peer dependencies. We can roll out changes significantly faster to our site repositories, which gives us much more time to write the docs.
And now your moment of diff zen.