In previous chapters, you successfully built a package locally and then published it so developers at all your client companies could benefit from all your hard work. You might imagine at this point that you’ve done most of the work, but releasing a project is often just the beginning for many developers. After people start using your package, new and broken use cases start to surface. A popular open source project might turn into a years-long endeavor.
Even when the dust settles and a project reaches a stable level of maturity, the occasional update or bug fix comes along. If none of the maintainers have cracked the project open in a while, these moments can prove costly. If the ecosystem of dependencies and tools around the project has evolved significantly since the last update, what might have been a simple one-line change can balloon into a days-long excursion to update dependencies to compatible versions and get the project sputtering along again. In the worst cases, this happens in the face of a security vulnerability; the high stress and high stakes won’t do you any favors in making careful updates.