Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Switch from npm to yarn to allow cross-platform sharing of lockfile

See original GitHub issue

I had noticed a while back that on my Mac, doing an npm install (note: npm v5 and later) always modifies the package-lock.json that is committed to the repo.

When I looked into this more today, I found that this is an issue with how npm handles optional dependencies (in our case, that’s fsevents, a macOS-only dependency of things that watch filesystem changes):

Since this is an optional dependency which can only be installed on macOS, npm will install it and add it to package-lock.json whenever npm install is used on a Mac, but will remove it (if present) from package-lock.json whenever npm install is run on another platform.

From what I could find, there are currently at least two issues in the npm repo describing/discussing this: npm/npm#17722 and npm/npm#18135.

Since a fix for this doesn’t seem to be in sight, and there’s a report that this isn’t an issue with yarn, I suggest that we switch to yarn for package management.

@mikehenrty, thoughts?

Issue Analytics

  • State:closed
  • Created 6 years ago
  • Reactions:1
  • Comments:6 (6 by maintainers)

github_iconTop GitHub Comments

lehnerpatcommented, Oct 7, 2017

@mikehenrty, option 2 is discussed in npm/npm#18135, the specific issue why I don’t like that approach is:

Sometimes optional doesn’t actually mean optional, but instead means may be operating system specific.

In our case (fsevents being the package in question, for now), that might work out fine, but I’ve seen reports in those two issue threads I linked that lack of fsevents on macOS can actually case very high CPU and memory usage.

Option 1 I would avoid, esp. since we’re aiming to introduce automated tests, because I’ve had bad experiences with non-locked dependencies and CI builds in the past. It can be quite difficult to track down that the reason why a specific test works locally but fails on CI is that one dependency is at version 1.7.5 locally but 1.7.4 on CI (since not all open source projects practice sem-ver reliably).

Since we now have an updated REAME and contribution guidelines, I think switching to yarn isn’t actually such a big footprint.

I’ll open a PR for the switch, then we’ll see what it actually looks like.

Read more comments on GitHub >

github_iconTop Results From Across the Web

Maintaining yarn.lock cross-platform? - node.js - Stack Overflow
This is useful for dependencies that won't necessarily work on every machine and you have a fallback plan in case they are not...
Read more >
Migrating from npm - Yarn
When other people start using Yarn instead of npm , the yarn.lock file will ensure that they get precisely the same dependencies as...
Read more >
Choosing Between NPM and Yarn -
An NPM registry where people, including you, can create, upload, publish, and share tools (Node.js packages). These packages are open source.
Read more >
Advanced package manager features for npm, Yarn, and pnpm
As one of the benefits, Yarn Berry can make sure that it share only the locations of packages that you have defined in...
Read more >
Yarn vs NPM: Which One is Best to Choose? - KnowledgeHut
Node.js is an open-source, cross-platform JavaScript runtime ... Both Yarn and NPM automatically generate a version lock file that keeps ...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Post

No results found

github_iconTop Related Hashnode Post

No results found