npm dependencies npm-install package.json

Indirect Dependencies vs Direct Dependencies


I have a package which has a dependency on cross-spawn, and the build is coming out to be successful right now. I don't see any issues.

However, cross-spawn is not present in our package.json and is coming indirectly from

├─┬ @wdio/cli@7.0.0
│ └─┬ yarn-install@1.0.0
│   └── cross-spawn@4.0.2
└─┬ eslint@8.25.0
  └── cross-spawn@7.0.3

Should I get a direct dependency in my package.json? What advantages do I get with that? Will there be any conflicts? I am new to the npm world and I would like to understand how a direct dependency vs. an indirect dependency can cause issues.


Solution

  • As a general rule, you should declare in your package.json the packages that your code is directly using, and only them.

    By "that your code is directly using", I mean that you import (or require) them in your own code.

    It has two advantages:

    • It makes explicit what your code is using, which makes it easier for newcomers to understand the project
    • If you use a dependency A that depends on B, and you're using B without declaring it, then if A decides to stop depending on B in an upgrade, your code will break.

    But when you use a dependency A, which has a dependency B, if your code is not directly interacting with B, you don't need to declare it.
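
An added example, not part of the original answer: a small check for the rule above that lists packages your code imports but package.json does not declare. The file names, their contents and the package.json are constructed to match the tree in the question; the scan is regex-based (no dynamic `import()`, no comment handling) and all function names are hypothetical.

```javascript
// Constructed sample: source files of a hypothetical project, keyed by path.
const sampleSources = {
  'scripts/build.js': "const spawn = require('cross-spawn');\nconst path = require('node:path');\nconst helper = require('./helper');\n",
  'src/lint.js': "import { ESLint } from 'eslint';\nimport fs from 'fs';\nimport cfg from '@wdio/cli/config';\n",
};
// Constructed package.json: only the two top-level packages from the question's tree.
const samplePkg = {
  dependencies: { '@wdio/cli': '7.0.0' },
  devDependencies: { eslint: '8.25.0' },
};

// Partial list of Node core modules, enough for the sample; a real script
// would take the full list from require('node:module').builtinModules.
const CORE = new Set(['fs', 'path', 'os', 'child_process', 'util', 'crypto']);

// Reduce a specifier to a package name; null for relative/absolute paths and core modules.
function packageName(spec) {
  if (spec.startsWith('.') || spec.startsWith('/') || spec.startsWith('node:')) return null;
  const parts = spec.split('/');
  const name = spec.startsWith('@') ? parts.slice(0, 2).join('/') : parts[0];
  return CORE.has(name) ? null : name;
}

// Collect every package named in require('x'), import ... from 'x' or import 'x'.
function importedPackages(source) {
  const re = /\brequire\(\s*['"]([^'"]+)['"]\s*\)|\bfrom\s+['"]([^'"]+)['"]|\bimport\s+['"]([^'"]+)['"]/g;
  const found = new Set();
  for (const m of source.matchAll(re)) {
    const name = packageName(m[1] || m[2] || m[3]);
    if (name) found.add(name);
  }
  return found;
}

// Map each imported-but-undeclared package to the files that import it.
function undeclared(sources, pkg) {
  const fields = ['dependencies', 'devDependencies', 'peerDependencies', 'optionalDependencies'];
  const declared = new Set(fields.flatMap((k) => Object.keys(pkg[k] || {})));
  const missing = {};
  for (const [file, text] of Object.entries(sources)) {
    for (const name of importedPackages(text)) {
      if (!declared.has(name)) (missing[name] = missing[name] || []).push(file);
    }
  }
  return missing;
}

console.log(undeclared(sampleSources, samplePkg));
```

With the sample input, cross-spawn is reported because `scripts/build.js` requires it directly while it only reaches `node_modules` through other packages.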