Dependency Management

We have a strict dependency policy for security and stability purposes.

Only necessary dependencies are accepted.

These must have a clear purpose for the project -- especially from external sources like the NPM.

Internal libraries

Our own modules are published as a build-time git submodules and are not available from the NPM.

Project Name Scope Purpose
@heusalagroup/fi.hg.core Full Stack Any code that does not have dependencies
@heusalagroup/fi.hg.node Backend / CLI Module for code which depends on NodeJS
@heusalagroup/fi.hg.backend Backend Module for code which may depend on NodeJS and is intended to build backends
@heusalagroup/fi.hg.frontend Fronted Module for user interfaces and React
@heusalagroup/fi.hg.matrix Full Stack Our extremely lightweight Matrix library which works also on embedded systems (OpenWRT)

Accepted external libraries

Project Name Package Name Scope Purpose
Lodash lodash Full Stack Extends JavaScript functionality
TypeScript typescript Full Stack Compiles TypeScript language to JavaScript
jest jest Full Stack Testing framework
ReactJS react
react-dom
Frontend User interface library for the Web
Create React App react-scripts Frontend Environment tools for React development
i18next i18next Frontend Internationalization library
React Router react-router-dom Frontend Library to implement routes on the client side
i18next node-sass Frontend Compiles SCSS to CSS
React Router Hash Link react-router-hash-link Frontend Enables hash based links in the app. You should prefer not to use hash based links, though.
ts-node ts-node Backend Enables TypeScript support for NodeJS
node-jws jws Full Stack JWT support for JavaScript

It's also acceptable to install @types/FOO dependencies for these projects to add the TypeScript support.

New dependencies

For specific purposes it's acceptable to introduce a new library.

You should consult the lead developer in that case.

Some general points to consider while choosing a library:

  • It should have a MIT license and other compatible ones
  • Prefer zero dep libraries. The module shouldn't have too many dependencies.
  • Prefer build time only libraries. We want to have the freedom to compile our code into single small deployable bundle which doesn't have too many dependencies.