Pin exact dependency versions
Published on in Miscellaneous
In a perfect world, minor- and patch-level version bumps don't have breaking changes. In the real world, things are complicated and shit happens.
Example: I recently witnessed
yarn install starting to fail mysteriously after Node.js was automatically upgraded from v18.16 to v18.18.
I had thought that pinning the major-level version number of Node.js would have prevented this kind of sudden breakages, but nope.
Had the Node.js version been pinned to v18.16.1 or even just v18.16,
yarn install wouldn't have started to suddenly fail.
yarn install would have probably started to fail later
when upgrading Node.js manually,
but that's not as bad.
Sudden breakages are worse
because they often require acute investigation,
making your workdays more reactive than proactive.
So, note to self:
pin exact dependency versions (
x.y.z instead of just
to be on the safe side.