Lesson learned with package.json

I’ve been using NodeJS for a project of mine and I used to set up my package.json this way:

  "dependencies": {
    "some_external_lib": ">= 1.0.0",
    "another_external_lib": ">= 1.4.0"
  }

I thought: the newer a library is, the better.
And I was wrong. Written that way there is no control over what goes to the production/staging servers: as soon as a newer version of some_external_lib is published, the next npm install pulls it in, whether that is a harmless 1.4.1, a 2.0.0 that breaks the API the code was written against, or (if the package or a maintainer account is ever compromised) a malicious release. One caveat on the “alpha” scenario: npm’s semver only matches a prerelease such as 1.5.0-i-am-very-alpha when the range itself names a prerelease on that same major.minor.patch, so “>= 1.0.0” skips the alpha but happily takes the first stable release that follows it, unstable or not.
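To make the range semantics concrete, here is an added example (not code from the original post) that models how npm picks a version for a package.json range against the versions a registry has published. It assumes plain X.Y.Z[-prerelease] versions and only the “>=”, “^” and exact forms of a range; the prerelease rule it implements is the documented node-semver one. The registry contents for some_external_lib are constructed for the example.

```javascript
'use strict';
// Added example: a minimal model of npm's version-range resolution.
// Assumes versions of the form X.Y.Z[-pre] and ranges of the form
// ">= X.Y.Z", "^X.Y.Z" or an exact "X.Y.Z". Real npm uses node-semver.

function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?$/.exec(v.trim());
  if (!m) throw new Error(`not a semver version: ${v}`);
  return {
    major: Number(m[1]), minor: Number(m[2]), patch: Number(m[3]),
    pre: m[4] ? m[4].split('.') : [], // [] means a stable release
    raw: v.trim(),
  };
}

// Prerelease precedence per semver: numeric ids compare numerically,
// numeric < alphanumeric, a shorter (prefix) list is lower, and no
// prerelease at all is higher than any prerelease of the same X.Y.Z.
function comparePre(a, b) {
  if (a.length === 0 && b.length === 0) return 0;
  if (a.length === 0) return 1;
  if (b.length === 0) return -1;
  for (let i = 0; i < Math.max(a.length, b.length); i++) {
    if (i >= a.length) return -1;
    if (i >= b.length) return 1;
    const an = /^\d+$/.test(a[i]), bn = /^\d+$/.test(b[i]);
    if (an && bn) {
      if (Number(a[i]) !== Number(b[i])) return Number(a[i]) < Number(b[i]) ? -1 : 1;
    } else if (an) return -1;
    else if (bn) return 1;
    else if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

function compareVersions(a, b) {
  for (const k of ['major', 'minor', 'patch']) {
    if (a[k] !== b[k]) return a[k] < b[k] ? -1 : 1;
  }
  return comparePre(a.pre, b.pre);
}

function parseRange(range) {
  const m = /^(>=|\^|=)?\s*(\S+)$/.exec(range.trim());
  if (!m) throw new Error(`unsupported range: ${range}`);
  return { op: m[1] || '=', base: parseVersion(m[2]) };
}

function satisfies(version, range) {
  const v = parseVersion(version);
  const { op, base } = parseRange(range);
  // node-semver rule: a prerelease version only matches when the range
  // itself names a prerelease on the very same major.minor.patch.
  if (v.pre.length > 0) {
    const sameTuple = v.major === base.major && v.minor === base.minor && v.patch === base.patch;
    if (!(sameTuple && base.pre.length > 0)) return false;
  }
  const c = compareVersions(v, base);
  if (op === '=') return c === 0;
  if (op === '>=') return c >= 0;
  // "^": at least base, and below the next major (next minor when major is 0)
  if (c < 0) return false;
  if (base.major > 0) return v.major === base.major;
  return v.major === 0 && v.minor === base.minor;
}

// What `npm install` would pick: the highest published version in the range.
function resolve(range, published) {
  const matching = published.filter((p) => satisfies(p, range));
  if (matching.length === 0) return null;
  return matching.map(parseVersion).sort(compareVersions).pop().raw;
}

// Constructed registry contents for a hypothetical some_external_lib.
const PUBLISHED = ['1.0.0', '1.4.0', '1.4.2', '1.5.0-alpha.1', '1.5.0', '2.0.0'];

for (const r of ['>= 1.0.0', '^1.4.0', '1.4.2', '>= 1.5.0-alpha.0']) {
  console.log(`${r.padEnd(18)} -> ${resolve(r, PUBLISHED)}`);
}
```

Running it shows the point of the post: “>= 1.0.0” resolves straight to 2.0.0, “^1.4.0” stops at 1.5.0, only the exact “1.4.2” gives you the version you tested against, and the alpha is only ever picked up by a range that names a prerelease itself.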

Since the local environment is no longer aligned with production/staging (even a fresh npm install locally can resolve to a different version than the one the servers got), any bug introduced by the new code is very hard to reproduce locally, and you will likely end up debugging on the production server.

Lesson learned: eradicate any “>=” from your package.json. Pin exact versions instead, commit the lockfile (package-lock.json) and install with npm ci on the servers, so every environment ends up with the same resolved dependency tree.