Learn dependency tree vocabulary: direct vs. transitive dependencies, peer deps, hoisting, dependency conflicts, and deduplication.
A 'transitive dependency' is:
Transitive (indirect) dependencies are pulled in by your direct dependencies. If package A requires B, and B requires C, then C is a transitive dependency of your project.
In npm, 'dependency hoisting' means:
Hoisting moves shared packages to the root node_modules to prevent multiple installations of the same package version, saving disk space and preventing version conflicts.
A 'dependency conflict' occurs when:
Dependency conflicts arise when different packages require mutually exclusive versions of a shared dependency; package managers handle this either by failing the install or by installing multiple versions side by side.
What is the purpose of a lock file (package-lock.json, yarn.lock)?
Lock files record the complete dependency tree with the exact versions resolved at install time, ensuring that every developer and CI environment installs identical dependencies.
Which command identifies security vulnerabilities in your project's dependencies?
'npm audit' checks your dependency tree against a database of known vulnerabilities (CVEs) and reports them with severity levels and remediation advice.