If you’re building applications, chances are your dependency tree is on the order of hundreds of packages. That can easily scale up to at least a thousand for large applications (like the popular open-source projects Ghost or Keystone). Join me in my hindered journey to address a big elephant in the room: managing dependencies. Updating a dependency or following common practices shouldn’t have to be a mysterious thing. What’s the right thing to do in your package.json? Exact versions? Using a caret? What’s the reason behind lockfiles? What type of tooling is out there? I’ll present answers from my research to these common questions.