The new npm based packaging mechanism is driving me mad. :-/ My app is using some jQuery plugins that bring their own jQuery dependencies. In Meteor 1.2, I loaded these plugins via mquandalle:bower which allowed me to explicitly exclude the duplicated jQuery code from being included in my app. This worked pretty fine.
Now that I am on Meteor 1.3, I included these plugins as npm packages instead. However, this caused one of the packages to import a newer version of jQuery (3.1.2) which now overrides Meteor’s jQuery version. This caused problems with another plugin that wasn’t ready for jQuery 3 yet.
How can I prevent npm packages from loading duplicate versions of the same library and - even worse - override them in the global namespace?
It would also be fine if there was a way to suppress that dependencies are loaded automatically.
Sounds like really badly published npm packages. They should be declaring a peer-dependency rather than depending on or including jQuery from npm
I ran into this problem using jquery-ui from npm. It bundles every version of jQuery from 1.10 to 3.1.1, giving you a 16mb package 
. Also from plenty of jquery plugins
For badly published packages like that, I end up just copying the js file into my project. Which is the way most jquery plugins are designed to be used anyway (equivalent to adding a script tag)
Now if only npm had a quality rating system so we could downvote these packages into oblivion / encourage the maintainers to fix their stuff
1 Like
Yeah, I guess that’s true. I also ended up copying the code into a Meteor package, but that’s far from being optimal or maintainable. Still looking for a way to prevent the overloads, like it was possible with bower.json.
I do try to make issues or pull requests on offending packages, but they are often unmaintained.
You could then fork the package and publish to npm yourself, but it’s rare that that’s worthwhile.
I guess they’re just the discarded artifacts of javascript’s evolution 