NPM
npm is the default package manager for Node.js and the largest ecosystem of open source libraries in the JavaScript world. It provides a straightforward way to manage project dependencies, publish packages, and handle scripts for development workflows.
However, npm's traditional approach to dependency resolution via the
node_modules directory can lead to "ghost dependencies"—cases where a package
can access dependencies it does not explicitly declare, simply because they are
present somewhere in the dependency tree. This can cause hidden bugs,
unpredictable builds, and makes it harder to reason about project dependencies.
Why on hold:
To avoid ghost dependencies and improve reliability, we recommend using pnpm or other modern alternatives that enforce strict dependency boundaries and offer better performance and disk efficiency.