New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use yarn instead of npm #14692
Use yarn instead of npm #14692
Conversation
Have we discussed saving exact before? The tradeoff is not getting automatic patch fixes for avoiding possible breaking changes smuggled under patch version bumps. Will play around with this branch and see if I can get anything to break! |
yeah we had problems before with deps of deps releasing breaking changes as patches, everything unexpectedly breaking, and decided this was safer. i'm no fan of shrinkwrap itself, but i think the argument for using it is pretty persuasive. if we get everything up to date, add green keeper or a similar non-automated way of regularly keeping up to date, we should hopefully be able to avoid both situations |
# Conflicts: # makefile # npm-shrinkwrap.json
Are you purposely only moving the install over, i.e what about the npm scripts:
Should these be moved? |
@npm install | ||
@echo '…done.' | ||
@echo 'Removing any unused 3rd party dependencies…' | ||
@npm prune |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I wonder whether we should run yarn install --force
to have parity with the prune behaviour? Seems like a bug that they may decide yarn install
will remove modules that aren't in the package.json
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actually... scratch that, --force
would bypass the local cache and lose those benefits, so I guess there is some behaviour there that yarn needs to fix (but that isn't a blocker to us...)
(edit)
Or.. maybe yarn clean
- but it says don't use it all the time. Could be worth using it cautiously to generate a yarn.clean
periodically. Anyhoo, one to think about.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yeah i was going to yarn clean
but their specific warning gave me pause...
if it becomes an issue, make reinstall
should cover you? prune
was always just a courtesy really anyway, to my mind
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍 Yup, makes sense.
⭐️ For me this is a no-brainer test - easy to back out from if things go wrong but great rewards in performance if they go right. Not as part of this PR, but in the future if we're happy, It might be worth us reviewing if the |
i see them moving as part of the retiring grunt/ at the start of last week, incidentally, I nearly made a case for moving npm scripts out to a runner, based on the idea that one day npm too would be replaced by something new and therefore we'd end up moving them again. that seemed to show it was the wrong place for build scripts, but it seemed a kind of pointless, because npm being replaced seemed like a verrrrry long way away :) |
😆
Ok, yeah that makes sense, I prefer the idea of a unified architecture for all tasks with only one level of abstraction ( |
What does this change?
installs npm modules using
yarn
instead ofnpm
What is the value of this and can you measure success?
Does this affect other platforms - Amp, Apps, etc?
no, but there is this:
this means all deps will now be installed up to the current top of their semver range. that should be ok, but we'll need to be vigilant nothing's snuck out (unlikely – rogue bad updates to deps of deps are why we started shrinkwrapping in the first place; they were very rare, but bad when they did get out)
Screenshots
⚡️ 🐻
Request for comment
@guardian/dotcom-platform