Monitoring the drift of our dependencies

The observation

Tracking our software dependencies has never been a topic followed at Pix. Updates were therefore made by a handful of people.

In the past, a small team was created to update Ember on our client applications. That works well as a one-off, but it does not solve the problem of ongoing tracking.

That is why Renovate was set up. Renovate is present on all our repositories and constantly prompts us with updates to our dependencies. With the Dependency Dashboard (see 1024pix/pix), we can see the various pending updates. This gives us an idea of the delay, but it is still very rough.

That is why, at the Tech Days 2023 (technical work done during the summer), a team was tasked with putting effort back into dependency updates. The job was to switch to Node 18 on our main app and to configure Renovate so that everything runs.

The need to quantify, in a common way, the delay in updating dependencies across our various projects led us to take an interest in a metric: libyear.

Libyear to the rescue

In short, libyear makes it possible to quantify the age of all dependencies.

By calculating this metric on our different projects, we get a comparable measure for reviewing and deciding on update work. That's why we developed dependency-drift-tracker, which lets us know the current drift of our dependencies, see how it evolves and compare that delay with others.

In addition to the delay of our dependencies, we also show the time in years since the last release, called Pulse. This makes it possible to identify dependencies that have become obsolete or deprecated. This requires a slightly more manual analysis.
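To make the two metrics concrete, here is an added example (not code from dependency-drift-tracker or libyear) that computes drift and pulse per dependency from release dates. The package names, versions, dates, the 2-year staleness threshold and the choice to sum pulse across dependencies are assumptions made for illustration.

```javascript
const MS_PER_YEAR = 365.25 * 24 * 60 * 60 * 1000;
const STALE_PULSE_YEARS = 2; // hypothetical threshold for "needs manual review"

// Constructed sample data: names, versions and dates are invented.
// `time` mirrors the version -> publish date map found in npm registry
// metadata; `latest` is a simplified stand-in for the latest dist-tag.
const SAMPLE_REGISTRY = {
  "example-framework": {
    latest: "5.1.0",
    time: { "4.0.0": "2021-01-01T00:00:00Z", "5.1.0": "2023-01-01T00:00:00Z" },
  },
  "example-logger": {
    latest: "1.2.0",
    time: { "1.2.0": "2019-01-01T00:00:00Z" },
  },
};
// Constructed lockfile view: dependency name -> installed version.
const SAMPLE_INSTALLED = {
  "example-framework": "4.0.0",
  "example-logger": "1.2.0",
  "example-private": "0.3.0", // absent from the registry sample
};

const yearsBetween = (fromIso, toIso) =>
  (Date.parse(toIso) - Date.parse(fromIso)) / MS_PER_YEAR;

function driftReport(installed, registry, nowIso) {
  const rows = Object.entries(installed).map(([name, version]) => {
    const meta = registry[name];
    const installedDate = meta?.time?.[version];
    const latestDate = meta?.time?.[meta?.latest];
    if (!installedDate || !latestDate) {
      // Unknown packages are reported, not silently counted as zero drift.
      return { name, version, error: "no release date" };
    }
    // Drift: age gap between installed and latest release, clamped at 0
    // for versions published after the one tagged latest (e.g. backports).
    const drift = Math.max(0, yearsBetween(installedDate, latestDate));
    // Pulse: years since the latest release, as the article defines it.
    const pulse = yearsBetween(latestDate, nowIso);
    return { name, version, latest: meta.latest, drift, pulse,
             stale: pulse > STALE_PULSE_YEARS };
  });
  const measured = rows.filter((r) => !r.error);
  const total = (key) => measured.reduce((sum, r) => sum + r[key], 0);
  return { rows, drift: total("drift"), pulse: total("pulse") };
}

console.log(driftReport(SAMPLE_INSTALLED, SAMPLE_REGISTRY, "2024-01-01T00:00:00Z"));
```

In the sample, example-logger has zero drift but a pulse of about five years, which is the case the Pulse metric exists to surface: a dependency that is fully up to date yet no longer being released.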

What does it look like?

On the left, at a glance, we see the tracked repositories along with their delay. Then, in the main panel, 2 metrics are displayed: the delay and the pulse.

The following 2 graphs make it possible to monitor the evolution of these figures over time.

Finally, the last table displays the result of the latest libyear run, with the details for each individual dependency.

The data are refreshed every day, an interval frequent enough to show the value of the work done the day before and to plan the rest.

Conclusion

Making our delay visible has enabled us to improve our tracking of versions. Seeing the curve drop after an update is always a pleasure, even if, continuously and seemingly inexorably, the curve climbs back up as a result of the updates to the dozens of dependencies used by our applications.

Curious? Here is the tracking for the Pix applications.

Try it

We made the tracking code generic and usable by any JavaScript project. You can easily manage the tracking files manually via dependency-drift-tracker, or even more simply with the dependency-drift-tracker-action GitHub Action.

And read the documentation.

Have a comment? Contact me by email.