Regarding npm users

Question

Regarding npm users

Opened this issue 8 years ago · 9 comments

Produce a package-lock.json to ensure npm users get correct dependencies

Answer 1 · 2017-07-02T20:45:52.000Z

Isn't this the same as the yarn.lock? (use yarn instead of npm?)

Answer 2 · 2017-07-02T21:33:59.000Z

@VictorWinberg I use yarn. But I don't think everyone does, sadly. And I don't think npm takes the yarn.lock into account, correct me if I'm wrong.

Answer 3 · 2017-07-03T05:17:25.000Z

@eHammarstrom that's true!

Answer 4 · 2017-07-03T09:57:09.000Z

Keeping two lockfiles in sync would be messy (I'm guessing).

Travis/CI conf would be simpler if we used package-lock.json since npm is preinstalled. I think new contributors shouldn't have to install yarn either in order to contribute. Gotta keep those barriers to entry low.

Answer 5 · 2017-07-03T16:21:24.000Z

joelklint commented 8 years ago

👍1
🎉2

Answer 6 · 2017-07-03T17:24:25.000Z

Unfortunately the time it takes to install yarn is longer than that difference.

Btw, how much of that time difference is due to Yarn using the lockfile and npm not picking it up and having to resolve dependencies? Did you clear node_modules in between? Which version of npm are you using? npm v5 and up should auto-generate a lockfile I think.

Edit: Apparently npm got a lot faster in v5.

Answer 7 · 2017-07-03T17:59:12.000Z

Har NPM löst så det automagiskt stödjer lockfiles? Eller är det något man måste ange explicit?

Answer 8 · 2017-07-03T18:20:53.000Z

Both with lockfiles. The speed does not really matter to me. If there is no explicit reason why Yarn is better than NPM, i am onboard @ErikBjare

Answer 9 · 2017-07-03T18:30:49.000Z

@joelklint Since npm 5 it automatically supports lockfiles.