The Node Package Manager (NPM) seems to yield duplicated packages

Question

I've been installing a few node packages and what I noticed is that NPM creates a bunch of duplicates.

For example, I first installed mongoose, which installed a bunch of dependencies, naturally. Then I installed the mongodb package, which also came with bson as a dependency. Due to overlapping dependencies, I have the following anomaly:

Mongodb is present in the following directories:

/usr/local/lib/node_modules/mongodb/
/usr/local/lib/node_modules/mongoose/node_modules/mongodb/

Also, bson, a dependency of mongodb is present in both of these:

/usr/local/lib/node_modules/mongodb/
/usr/local/lib/node_modules/mongoose/node_modules/mongodb/

I realize these are only files of kilobytes, but I feel like this might create a lot of redundancy end I might end up with a very complex tree similar to the following:

/usr/local/lib/node_modules/[something1]/node_modules/[something2]/node_modules/[something3/.../.../node_modules/[somethingX]/

In this scenario a given [dependency] might be present on X levels under /usr/local/lib/node_modules.

My major concern is related to updating these modules. I do not find it hard to imagine to have concurrent modules of different versions installed at the same time.

Wouldn't it be easier to just put everything directly in /usr/local/lib/node_modules/ and then cross-reference dependencies?

Answer 1

The problem is when mongoose is only coded to work with say v1 of mongodb, and you've coded your app to work with v2 of mongodb - as such, it installs and loads up both versions so it all works. We can do this easily in node, as the require module way doesn't pollute the global namespace, unlike the browser - which makes managing and including the right dependencies a royal pain due the global namespace pollution.

Now if your package.json and mongoose's package.json allow the same mongodb version (your can specify a specific version or ranges), then doing a rm -Rf node_modules; npm install will only install one copy of mongodb, rather than two. However as said before, if multiple versions are specified, multiple versions will be installed and loaded.