Using a mix of maintained and unmaintained packages?

Say packages A and B both depend on HTTP, but B isn’t being maintained anymore and still uses 0.9.17. A is fresh and up-to-date and can run on HTTP 1.5.1. I want to use both packages A and B in my application, but I don’t want to have to update package B to HTTP 1.5.1 just so I can have a single install of HTTP in my environment. Is there a solution to this?

I read somewhere that this isn’t possible? Isn’t that unfortunate if perfectly good legacy packages cannot be used just because people don’t have time to update and test their dependencies?

1 Like

If you need to use both A and B simultaneously in the same application (i.e. you can’t install them in separate environments), then you’ll need to fork B and update its dependencies.

And possibly use that to suggest a pull request to the package, if the tests pass.

And if the authors are completely unresponsive (and the license permits it), at some point one can register a new maintained version with a new name, ideally passing it to some organization where this kind of problem is easier to resolve.

1 Like
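Why A and B cannot share one HTTP install, and what a fork of B changes, shown as an added example that is not part of the original thread. It assumes the packages are managed by Julia's Pkg and models only caret-style `[compat]` entries; the compat strings for A, B and the fork are constructed for illustration.

```python
# Simplified model of caret-style [compat] entries in a Julia Project.toml.
# Assumption: only plain/caret specifiers and comma-separated unions are handled.

def parse_version(text):
    """Return ((major, minor, patch), number_of_components_given)."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts))), len(parts)

def caret_range(spec):
    """Half-open (lower, upper) bounds for one caret specifier.

    The upper bound bumps the left-most non-zero component, so "0.9"
    covers 0.9.x only, while "1.5" covers everything from 1.5.0 below 2.0.0.
    """
    lower, given = parse_version(spec.strip().lstrip("^"))
    major, minor, patch = lower
    if major > 0 or given == 1:
        upper = (major + 1, 0, 0)
    elif minor > 0 or given == 2:
        upper = (0, minor + 1, 0)
    else:
        upper = (0, 0, patch + 1)
    return lower, upper

def satisfies(version, compat):
    """True if `version` falls in any comma-separated range of `compat`."""
    v, _ = parse_version(version)
    return any(lo <= v < hi for lo, hi in map(caret_range, compat.split(",")))

def shared_versions(candidates, compat_entries):
    """Candidate versions that every package's compat entry accepts."""
    return [v for v in candidates
            if all(satisfies(v, c) for c in compat_entries.values())]

CANDIDATES = ["0.9.17", "1.5.1"]        # the two HTTP versions named in the thread
BEFORE = {"A": "1.5", "B": "0.9"}       # constructed: B still bounded to 0.9.x
FORKED = {"A": "1.5", "B": "0.9, 1"}    # constructed: fork of B widened after its tests pass

if __name__ == "__main__":
    print("before fork:", shared_versions(CANDIDATES, BEFORE))
    print("after fork: ", shared_versions(CANDIDATES, FORKED))
```

An empty result before the fork is the conflict the resolver reports; widening B's bound is only safe once B's tests pass against the newer HTTP.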

In my particular case the dependency is just six months out of date, so I will put in the work to update B. I’m thinking of a more complex case: could private copies of B and HTTP be used, where the private HTTP stays at version 0.9.17 but gets a new UUID?