This quite detailed post on npm 5 lock files might be useful? - http://jpospisil.com/2017/06/02/understanding-lock-files-in-npm-5.html Steve Lee OpenDirective http://opendirective.com
On 8 June 2017 at 15:14, Tirloni, Giovanni <[email protected]> wrote: > Thanks, Tony. Those seem pretty good reasons to stay with npm@5. > > I don't have a lot of skin in this game, except for working with the DevOps > team in supporting the CI pipelines and dealing with issues. So if npm@5 > gives us the performance we like and less breaking changes, +1 from me. > > I'll leave the lockfile discussion to you guys since you would have to work > with that on a daily basis. No concerns from my side at this point. > > ________________________________________ > From: Tony Atkins <[email protected]> > Sent: Thursday, June 8, 2017 05:14 > To: Tirloni, Giovanni > Cc: [email protected] Architecture > Subject: Re: [Architecture] Fwd: announcing npm@5 > > Hi, Giovanni: > > Thanks for taking the time to respond. I'll respond to the question "why > can't we use yarn?" first, with the examples that I've encountered. > > The "sharp" issues happen in OS X, running "yarn install", for example, in > this repo and branch: https://github.com/the-t-in-rtf/ul-api/tree/UL-65 > > If I run "yarn install" for that repo, it fails for me unless I install > "node-gyp" globally. Both npm 3 and npm 5 install all dependencies without > requiring node-gyp to be installed globally. I just figured that one out > this morning, it's not really a blocker, more "friction" (extra stuff we have > to do vs. npm). In this case, it's with a lower case "f". > > What's more serious are the "leveldown" issues, which happen in Windows. I > have updated the Vagrant config for my fork of gpii-pouchdb to install yarn: > https://github.com/the-t-in-rtf/gpii-pouchdb > > If you check that out and run the following, you should see the yarn error > (commands in italics, instructions in normal text): > > * vagrant destroy -f > * vagrant up > * vagrant ci test --stage setup > * vagrant ci test --stage vdrive > * open a shell in the VM, navigate to v: > * yarn install > > You'll see that leveldown fails to install with yarn. Running the command > npm install from the same directory succeeds with both npm 3.10.8 and npm > 5.0.3. > > Although this problem may indeed be solvable, at least for me, the overall > "friction" is simply lower with npm. I'd like to hear from people who have > hit the limits of npm@3 about their experiences with yarn and npm@5, I think > that would help us decide as a group which of the two paths makes the most > sense. > > In the interest of keeping this readable, I'll stop for now and comment on > other topics in separate replies. > > Cheers, > > > Tony > > On Wed, Jun 7, 2017 at 7:15 PM, Tirloni, Giovanni > <[email protected]<mailto:[email protected]>> wrote: > +1 for adopting yarn or npm5, and lock files. > > npm5 comes by default starting with node 8.x (current, future LTS) > > $ docker run inclusivedesign/nodejs:current npm -v > 5.0.0 > > Performance-wise, yarn continues to be faster > (https://github.com/thomaschaaf/npm-vs-yarn) but if it's missing features we > need, that makes yarn less relevant in face of npm@5 performance improvements. > > How can I reproduce the leveldown issue? What environment is it happening on? > > > On 06/01/2017 06:49 AM, Tony Atkins wrote: >> Hi, All. >> >> I'm sure a few of you have seen this already, but I thought I'd use it as a >> chance to resume our discussions regarding next-gen package management, >> which previously focused on yarn. The new version of npm seems to be >> pulling in a few yarn-like improvements (lock files, better speed). It >> seems like the one practical change is committing a new type of lock file. >> We'd want to confirm that the new lock files are ignored by earlier versions >> of npm, which is pretty easy to confirm in Vagrant tests. >> >> On that note, I'm volunteering to try this out for a while. My ground rules >> for myself are that whatever changes I commit related to the new version, I >> only expect reviewers to accept and merge if the tests keep passing in >> Vagrant and the version of npm included in the "Apps" images (currently >> 3.10.8). If these are horrible or incomplete ground rules, please comment. >> >> Also, if anyone else wants to join me, please reply so I know whom to >> mention in chats on IRC. I'd particularly love to enlist someone who uses >> Windows as their daily driver, as there have been multiple issues unique to >> that environment in the past (I'm looking at you, leveldown). >> >> Cheers, >> >> >> Tony >> >> ---------- Forwarded message ---------- >> From: *Isaac Schlueter* <[email protected]<mailto:[email protected]> >> <mailto:[email protected]<mailto:[email protected]>>> >> Date: Wed, May 31, 2017 at 5:06 PM >> Subject: announcing npm@5 >> To: [email protected]<mailto:[email protected]> >> <mailto:[email protected]<mailto:[email protected]>> >> >> >> __ >> Hi! >> >> Starting today, typing `npm install npm@latest -g` will update you to npm >> version 5.0.1. >> >> npm@5 is all new and packed with performance, reliability, and usability >> improvements we know you’ll love. These include a new approach to lockfiles, >> more robust caching, and incredible speed — for many common tasks, npm@5 is >> up to /5x/ faster than previous versions. >> >> The update is available now and we recommend it for everyone. Whether you’re >> finding open source packages on the npm Registry, organizing your team’s >> code with Orgs >> <http://s2030806319.t.en25.com/e/er?utm_campaign=2017-05-31%20npm%405%20all-sub%20email&utm_medium=email&utm_source=Eloqua&s=2030806319&lid=117&elqTrackId=39916DE6512B37FD8BBCF2D1E413B114&elq=b465a4f2f0f8488981d3180948b7e71c&elqaid=350&elqat=1>, >> or installing apps behind your firewall with npm Enterprise >> <https://npmjs.com/enterprise?utm_campaign=2017-05-31%20npm%405%20all-sub%20email&utm_medium=email&utm_source=Eloqua&utm_source=Eloqua&utm_medium=email&utm_campaign=20170531&elqTrackId=5B7A39B30E640E56C0C318F9225A04A0&elq=b465a4f2f0f8488981d3180948b7e71c&elqaid=350&elqat=1&elqCampaignId=107>, >> npm@5 will make it faster and easier than ever to build amazing things. >> >> You can learn more about npm@5 here >> <http://s2030806319.t.en25.com/e/er?utm_campaign=2017-05-31%20npm%405%20all-sub%20email&utm_medium=email&utm_source=Eloqua&s=2030806319&lid=116&elqTrackId=B90694C8BE3137E70040E0F3EFC1DF23&elq=b465a4f2f0f8488981d3180948b7e71c&elqaid=350&elqat=1>. >> After you’ve installed it, we hope you’ll let us know what you think >> <http://s2030806319.t.en25.com/e/er?utm_campaign=2017-05-31%20npm%405%20all-sub%20email&utm_medium=email&utm_source=Eloqua&s=2030806319&lid=13&elqTrackId=3B624F5AC6BC4FCCBC477A6BCBD47E88&elq=b465a4f2f0f8488981d3180948b7e71c&elqaid=350&elqat=1>, >> and if you run into trouble, just drop us a line >> <mailto:[email protected]<mailto:[email protected]>>. >> >> >> npm ♥ you >> >> Isaac Z. Schlueter, CEO >> and the wombats of npm, Inc. >> >> >> npm, Inc. >> 1999 Harrison Street, Suite 1150, Oakland, CA 94612 >> >> unsubscribe >> <http://s2030806319.t.en25.com/e/u?s=2030806319&elq=b465a4f2f0f8488981d3180948b7e71c> >> >> > > _______________________________________________ > Architecture mailing list > [email protected] > http://lists.gpii.net/mailman/listinfo/architecture _______________________________________________ Architecture mailing list [email protected] http://lists.gpii.net/mailman/listinfo/architecture
