How to fix security issues of npm packages not updating with audit fix

It depends a bit on the type of project. I think that if it is your own project, one you can give proper attention to, running npm audit fix --force may be an option. Then check whether anything has broken, and factor in the time needed to repair it.

If it were a client’s project, I would think about it a little more, because things can break and it would be your responsibility to fix them later. If they pay me to update the software, I do it; if they don’t, it’s better not to touch anything, because if you break it they’ll complain. But this is only from a “selfish” point of view, because it really is always a good idea to update dependencies.
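Before reaching for --force, it helps to know which findings actually need it. The following is an added example, not code from the original post: it triages a report in the format printed by npm audit --json (npm 7 and later), where fixAvailable is true, false, or an object describing a dependency change outside the declared range. The sample report and its package names are constructed, and triageAudit is a hypothetical helper.

```javascript
// Constructed sample in the shape of `npm audit --json` output (npm 7+).
// Package names and versions are made up for illustration.
const SAMPLE_REPORT = {
  auditReportVersion: 2,
  vulnerabilities: {
    "example-parser": { severity: "high", fixAvailable: true },
    "example-framework": {
      severity: "critical",
      fixAvailable: { name: "example-framework", version: "5.0.0", isSemVerMajor: true },
    },
    "example-util": {
      severity: "low",
      fixAvailable: { name: "example-cli", version: "2.3.1", isSemVerMajor: false },
    },
    "example-abandoned": { severity: "moderate", fixAvailable: false },
  },
};

// Hypothetical helper: split findings by what it takes to fix them.
//   safe       -> plain `npm audit fix` resolves it within declared ranges
//   needsForce -> only `npm audit fix --force` resolves it; `breaking` marks
//                 a semver-major jump of the direct dependency named in `via`
//   noFix      -> no patched version published; needs replacement or review
function triageAudit(report) {
  const result = { safe: [], needsForce: [], noFix: [] };
  for (const [pkg, vuln] of Object.entries(report.vulnerabilities || {})) {
    const fix = vuln.fixAvailable;
    const entry = { pkg, severity: vuln.severity };
    if (fix === true) {
      result.safe.push(entry);
    } else if (fix && typeof fix === "object") {
      result.needsForce.push({
        ...entry,
        via: fix.name,
        target: fix.version,
        breaking: Boolean(fix.isSemVerMajor),
      });
    } else {
      result.noFix.push(entry);
    }
  }
  return result;
}

const triage = triageAudit(SAMPLE_REPORT);
console.log(JSON.stringify(triage, null, 2));
```

The needsForce entries marked breaking are the ones to budget repair time for: upgrade them one at a time on a separate branch and run the test suite after each.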
