by htormey 3422 days ago
Yep, exactly my experience. I love React Native, but if you're not used to the JavaScript style of millions of dependencies, you're in for a world of pain.

It's critical to spend more time vetting third party React Native/Javascript libraries as the quality level varies way more than with native libraries.

As a native developer I hadn't spent a lot of time working deeply with npm. One thing to be careful about when saving packages to your project is the use of ^ versus ~. See:

http://stackoverflow.com/questions/22343224/whats-the-differ...

"the tilde matches the most recent minor version (the middle number). ~1.2.3 will match all 1.2.x versions but will miss 1.3.0.

The caret, on the other hand, is more relaxed. It will update you to the most recent major version (the first number). ^1.2.3 will match any 1.x.x release including 1.3.0, but will hold off on 2.0.0."

Considering the volatility of some third party Javascript libraries, this can cause quite a bit of pain.

It's worth doing the following: in your home directory, add save-prefix=~ to your .npmrc, and all npm installs in the future will automatically add ~ instead of ^.
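The ~ and ^ rules quoted above, worked through in code. This is an added example, not code from the thread, from npm or from yarn: a small range checker that implements exactly the tilde and caret bounds described (and, going slightly beyond the quoted text, npm's stricter caret behaviour for 0.x.y versions, where ^0.38.0 only allows 0.38.x), plus an audit that lists every dependency in a package.json whose spec lets a fresh `npm install` pick a newer version than the one tested. The package.json contents are constructed for the demo; the function names are this example's own.

```javascript
// Added example (not code from the thread, npm, or yarn): a minimal
// implementation of the ~ and ^ range rules, plus an audit of a constructed
// package.json for dependencies that are not pinned to an exact version.
// Only "x.y.z", "~...", and "^..." specs are handled; real npm ranges
// (||, >=, x-ranges, prerelease tags) are deliberately out of scope.

function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(String(v).trim());
  if (!m) throw new Error(`not a full x.y.z version: ${v}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

// Lexicographic compare of [major, minor, patch] triples.
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Translate a spec into an inclusive lower bound and an exclusive upper bound.
function rangeBounds(spec) {
  const s = String(spec).trim();
  const prefix = s[0] === '~' || s[0] === '^' ? s[0] : '';
  const parts = s.slice(prefix.length).split('.');
  if (parts.length < 1 || parts.length > 3 || parts.some((p) => !/^\d+$/.test(p))) {
    throw new Error(`unsupported range spec: ${spec}`);
  }
  const nums = parts.map(Number);
  const [maj, min = 0, pat = 0] = nums;
  const lower = [maj, min, pat];

  if (prefix === '') {
    // Exact version: only that one version satisfies the spec.
    if (nums.length !== 3) throw new Error(`exact spec needs x.y.z: ${spec}`);
    return { lower, upper: [maj, min, pat + 1], floating: false };
  }
  if (prefix === '~') {
    // ~1 -> >=1.0.0 <2.0.0; ~1.2 -> >=1.2.0 <1.3.0; ~1.2.3 -> >=1.2.3 <1.3.0
    const upper = nums.length === 1 ? [maj + 1, 0, 0] : [maj, min + 1, 0];
    return { lower, upper, floating: true };
  }
  // Caret: allow changes that do not touch the left-most non-zero component.
  // ^1.2.3 -> <2.0.0; ^0.2.3 -> <0.3.0; ^0.0.3 -> <0.0.4
  let upper;
  if (maj > 0 || nums.length === 1) upper = [maj + 1, 0, 0];
  else if (min > 0 || nums.length === 2) upper = [maj, min + 1, 0];
  else upper = [maj, min, pat + 1];
  return { lower, upper, floating: true };
}

function satisfies(version, spec) {
  const v = parseVersion(version);
  const { lower, upper } = rangeBounds(spec);
  return compareVersions(v, lower) >= 0 && compareVersions(v, upper) < 0;
}

// Report every dependency whose spec lets `npm install` pick a newer version.
function auditDependencies(pkg) {
  const findings = [];
  for (const field of ['dependencies', 'devDependencies']) {
    for (const [name, spec] of Object.entries(pkg[field] || {})) {
      const { lower, upper, floating } = rangeBounds(spec);
      if (floating) {
        findings.push({ name, spec, allows: `>=${lower.join('.')} <${upper.join('.')}` });
      }
    }
  }
  return findings;
}

// Constructed package.json for the demo (not any real project's manifest).
const samplePackageJson = {
  dependencies: {
    'react-native': '^0.38.0', // caret on 0.x: only 0.38.x allowed
    lodash: '~4.17.2',         // tilde: 4.17.x allowed
    'left-pad': '1.1.3',       // pinned exactly
  },
  devDependencies: {
    eslint: '^3.9.1',          // caret on >=1: any 3.x.x allowed
  },
};

if (typeof require !== 'undefined' && require.main === module) {
  for (const f of auditDependencies(samplePackageJson)) {
    console.log(`${f.name}: "${f.spec}" floats within ${f.allows}`);
  }
}
```

Run it with `node` to see which entries of the constructed manifest can drift; only `left-pad` is silent, because it is the only exact version. The 0.x caret rule is the one that surprises people coming from native toolchains: ^0.38.0 is effectively as tight as ~0.38.0, while ^3.9.1 will happily pull in 3.99.0.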


I recommend pinning to exact versions and using a tool like npm-check-updates when you want to upgrade to newer versions of libraries. We had a lot of problems with breakage due to different developers having slightly different versions of dependencies.

React Native is a great platform but it's still very fragile, particularly on Android.

I recommend that too. I only used the npm ecosystem for a short time, and still had dozens of silent breakages from libraries which were expected to update in a backward compatible fashion. And even if a dependency itself is pinned to an exact version, it might be that the transitive dependency of this thing changes and breaks. npm shrinkwrap and yarn are supposed to fix that.
Facebook actually recommends using yarn instead of npm. It has faster install times.
Yarn is categorically better than npm at dependency management, in addition to its speed. Yarn uses a lock file to pin exact versions no matter what semver range you choose. When you add another dependency, it does not have the side effect of updating other modules. When you run yarn install it downloads the exact package versions described in the lock file rather than the latest version it can get from npm in that range. This ensures you get back to the last working state. Updating modules to the latest in their range is a separate command.