Dependency Management

We have a strict dependency policy for security and stability purposes.

Only necessary dependencies are accepted.

These must have a clear purpose for the project -- especially from external sources like the NPM.

Internal libraries

Our own modules are published as a build-time git submodules and are not available from the NPM.

Project Name Scope Purpose
@sendanor/typescript Full Stack General purpose utilities for logging, events, HTTP requests, etc.
@sendanor/matrix Full Stack Our extremely lightweight Matrix library which works also on embedded systems (OpenWRT)

The UI is split to three separate modules with an index project at @sendanor/ui:

Project Name Scope Purpose
@sendanor/ui-services Frontend Frontend services
@sendanor/ui-styles Frontend Frontend styles library
@sendanor/ui-components Frontend Frontend components library

Note! The UI modules include code that's not considered stable at the moment.

Accepted external libraries

Project Name Package Name Scope Purpose
Lodash lodash Full Stack Extends JavaScript functionality
TypeScript typescript Full Stack Compiles TypeScript language to JavaScript
jest jest Full Stack Testing framework
ReactJS react
react-dom
Frontend User interface library for the Web
Create React App react-scripts Frontend Environment tools for React development
i18next i18next Frontend Internationalization library
React Router react-router-dom Frontend Library to implement routes on the client side
i18next node-sass Frontend Compiles SCSS to CSS
React Router Hash Link react-router-hash-link Frontend Enables hash based links in the app. You should prefer not to use hash based links, though.
ts-node ts-node Backend Enables TypeScript support for NodeJS
node-jws jws Full Stack JWT support for JavaScript

It's also acceptable to install @types/FOO dependencies for these projects to add the TypeScript support.

New dependencies

For specific purposes it's acceptable to introduce a new library.

You should consult the lead developer in that case.

Some general points to consider while choosing a library:

  • It should have a MIT license and other compatible ones
  • Prefer zero dep libraries. The module shouldn't have too many dependencies.
  • Prefer build time only libraries. We want to have the freedom to compile our code into single small deployable bundle which doesn't have too many dependencies.