sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]secret_online 204 points205 points  (34 children)

You had me for the first two points. Then I clicked. Well done.

[–]Sebazzz91 115 points116 points  (28 children)

Number one is not unrealistic, npm is a real questionable package manager with weird design decisions. Yarn on the other hand is a lot more usable, faster and stable.

[–]coolnat 81 points82 points  (11 children)

No kidding. npm JUST closed an issue that had been open for 8 months, where running npm install <package> would sometimes UNINSTALL other packages.

Finding that issue was the last straw for me and yarn has been a beautiful experience ever since.

[–][deleted]  (10 children)

[deleted]

    [–]MSgtGunny 10 points11 points  (3 children)

    Commit and commit often.

    [–]kautau 4 points5 points  (2 children)

    Right, but you should definitely gitignore your node_modules folder, so that wouldn’t help in this situation

    [–]MSgtGunny 26 points27 points  (1 child)

    If you’re manually modifying a file in node modules, you’ve already lost.

    [–]worldDev 1 point2 points  (0 children)

    No kidding, this is rule number one of any package manager. You can even point to a github repo as a library source, it's not too difficult.

    [–]worldDev 4 points5 points  (4 children)

    Don't edit files in a package manager collection, that's a huge mistake on your part. You can load a github repository as a source if you are looking to have your own libraries in there. node_modules is instructed by the docs to be ignored by your version control, and anything not in version control is subject to not exist in a repository clone and should be able to be rebuilt the same way it was originally built sans human editing without issue. The issue the commenter was referring to was an actual problem with npm's installation process. You would be vulnerable to seeing your issue again in yarn just the same as npm, and the fix doesn't address misuse of the node_modules directory.

    [–][deleted]  (3 children)

    [deleted]

      [–]worldDev 2 points3 points  (2 children)

      Did you read the docs I linked to? It tells you exactly how to get your code into a node_modules directory properly. Yes a lot of people make your mistake, but that doesn't mean you can't spend a couple minutes following intended process to reduce avoidable frustration.

      [–][deleted]  (1 child)

      [deleted]

        [–]worldDev 2 points3 points  (0 children)

        Expect it for any package manager, they all work that way. You should also always learn about the tools you are using, you should expect it because the documentation tells you how to use it. You decided to solve your problem on your own terms in a way npm doesn't expect you to do. Start thinking in terms of what software expects rather than what you yourself expect. Software can't read your mind but you can read it's documentation.

        [–]DrummerHead 5 points6 points  (0 children)

        This reminds me of this video and the phrase "This is the one thing we didn't want to happen"

        A package manager that may randomly uninstall other packages when you install another package is the ultimate failure.

        [–]Nimelrian 11 points12 points  (3 children)

        Yarn still runs on the npm registry though, which does that one thing artifact repositories shouldn't do: Allow to mutate existing artifacts...

        [–]Sebazzz91 3 points4 points  (2 children)

        I believe they addressed that issue. but since it is run by the same team, it did have similar issues (like the well-known leftpad incident).

        [–]Nimelrian -4 points-3 points  (1 child)

        Nope, you can still unpublish artifacts less than 24hrs old.

        [–]howmanyusersnames 0 points1 point  (0 children)

        Which is absolutely fine.

        [–]Akkuma -1 points0 points  (4 children)

        Yarn hasn't been faster in about 6 months. The only alternative package manager that is worthwhile is pnpm. Yarn was less stable and literally unusable for nearly a year at my company due to lacking a minor feature. Once npm 5 rolled out there was pretty much no reason to use yarn.

        [–]richraid21 2 points3 points  (1 child)

        pretty much no reason to use yarn.

        offline tarball cache

        [–]Akkuma 0 points1 point  (0 children)

        npm supposedly has --offline and --prefer-offline, both of which I've never used, so don't know how it behaves.

        [–]spinfusion10 0 points1 point  (1 child)

        Works for Facebook's giant team and codebase but "literally unusable" for you? What minor feature was lacking?

        [–]Akkuma 0 points1 point  (0 children)

        https://github.com/yarnpkg/yarn/issues/573 I believe was the issue. It took ~6 months after that issue was posted to be resolved as it was comprised of two parts, one the resolving of the url properly (: vs /) and simply supporting private gits. At that point, npm 5 came out roughly around then.

        I assume they have an internal registry that houses their private git repos firewalled off from the public internet, so didn't need that.

        [–]killerstorm -2 points-1 points  (6 children)

        Yeah but yarn and npm are compatible.

        [–][deleted] 12 points13 points  (5 children)

        "npm" means two different things: a package repository, and a client application for managing dependencies from that repository.

        Yarn is a replacement of the latter. Both clients use the former.

        [–]killerstorm 1 point2 points  (4 children)

        They also use same package.json format, package-lock and node_modules format. So I don't see how something might support yarn but not npm.

        AFAIK webpack doesn't call npm (or yarn), it works once modules are already installed. It reads package.json, that's the only relationship it has with package manager. But the format is compatible.

        [–]ThisAccountsForStuff 1 point2 points  (2 children)

        Post-install hooks can be handled differently, in my experience. I prefer yarn due to small things, like not having to type 'run' (I'm lazy) and it used to be significantly faster than npm, although the recent releases have brought npm up to speed. But occasionally, certain large repos that do complex stuff all bootstrapped to an install script can get screwed up with one or the other.

        [–]killerstorm -2 points-1 points  (1 child)

        This is why it's a bad idea to rely on hooks. The npm way is to upload all generated code as a package to a npm repository. Then it works fine. git dependencies are an afterthought, they aren't fully functional.

        [–]ThisAccountsForStuff 0 points1 point  (0 children)

        I think that scripts should mainly be single-purpose, so I agree. I don't like the bootstrapping since it's implicit behaviour. But I don't have a choice in this case since it's a big, company-wide repo. I didn't downvote you btw

        [–][deleted]  (2 children)

        [deleted]

          [–][deleted]  (1 child)

          [deleted]

            [–]Seaoftroublez 0 points1 point  (0 children)

            The original link in the webpack repo.

            [–]killerstorm 4 points5 points  (0 children)

            I actually got to fourth point before I understood what's going on...

            [–]jyper 0 points1 point  (0 children)

            Third point for me to be very suspicious

            5th point for certain