> That means we have to maintain multiple copies of the same library and that increases our effort to maintain it.

The maintenance cost is reduced since they're just bundled with the package. You can treat each release of say gulp as a snapshot of their deps and bundle it with them. Packages specify dep versions for a reason and it's not super safe to assume they'll function correctly with deps outside of those specified ranges.

> When we update a dependency to latest version, we ensure all the packages depending on it continue to work by running tests

Sounds kinda fragile.

> The terms of the license allow me to flatten the dependencies.

You're totally free to, but I'm also free to discourage incorrect use of the package.

BTW, are these Debian packages targeting a specific Node version?

-JDD