Managing the dependencies of your NodeJS app is painful and challenging. In this article, we go over several possible approaches, including GitHub Dependabot, third-party frameworks, and NCU, and hopefully some best practices.
GitHub Dependabot can detect and update packages that have known vulnerabilities. It checks not only package.json but also package-lock.json. Usually, when Dependabot finds an available update of a package that fixes a security vulnerability, it submits an automated pull request. However, when Dependabot cannot update to the required version, we need to update NPM manually.
We have a serverless application running on AWS Lambda. Recently, we saw some warnings/errors in the AWS CodeBuild log, listed below, although the application built successfully: provider.apiGateway.shouldStartNameWithService and gypErr. In this article, we explain the issues and solutions.
NVM is a great tool for managing the different versions of NodeJS installed on your computer. Whether you want to upgrade to the latest NodeJS or just switch between versions as a project requires, it comes in handy. But sometimes it can be confusing: you are already using the version you picked in nvm, yet VS Code is still using a different version. It's easy to fix once you know how.