Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Switch from npm to yarn to allow cross-platform sharing of lockfile

See original GitHub issue

I had noticed a while back that on my Mac, doing an npm install (note: npm v5 and later) always modifies the package-lock.json that is committed to the repo.

When I looked into this more today, I found that this is an issue with how npm handles optional dependencies (in our case, that’s fsevents, a macOS-only dependency of things that watch filesystem changes):

Since this is an optional dependency which can only be installed on macOS, npm will install it and add it to package-lock.json whenever npm install is used on a Mac, but will remove it (if present) from package-lock.json whenever npm install is run on another platform.

From what I could find, there are currently at least two issues in the npm repo describing/discussing this: npm/npm#17722 and npm/npm#18135.

Since a fix for this doesn’t seem to be in sight, and there’s a report that this isn’t an issue with yarn, I suggest that we switch to yarn for package management.

@mikehenrty, thoughts?

Issue Analytics

State:
Created 6 years ago
Reactions:1
Comments:6 (6 by maintainers)

Top GitHub Comments

1reaction

mikehenrtycommented, Oct 24, 2017

We use yarn now! \o/

https://github.com/mozilla/voice-web/commit/cdc936beb32c1f9cd97a3a041cd15ea3e22f2da7

1reaction

lehnerpatcommented, Oct 7, 2017

@mikehenrty, option 2 is discussed in npm/npm#18135, the specific issue why I don’t like that approach is:

Sometimes optional doesn’t actually mean optional, but instead means may be operating system specific.

In our case (fsevents being the package in question, for now), that might work out fine, but I’ve seen reports in those two issue threads I linked that lack of fsevents on macOS can actually case very high CPU and memory usage.

Option 1 I would avoid, esp. since we’re aiming to introduce automated tests, because I’ve had bad experiences with non-locked dependencies and CI builds in the past. It can be quite difficult to track down that the reason why a specific test works locally but fails on CI is that one dependency is at version 1.7.5 locally but 1.7.4 on CI (since not all open source projects practice sem-ver reliably).

Since we now have an updated REAME and contribution guidelines, I think switching to yarn isn’t actually such a big footprint.

I’ll open a PR for the switch, then we’ll see what it actually looks like.