mrcolbyrussell opened a new issue, #161: URL: https://github.com/apache/incubator-annotator/issues/161
**Describe the refactoring action** Pull request #157 closed issue #154 to simplify the build process by using npm instead of yarn for fetching dependencies. The current state of the project is described in the README "dependencies are automatically installed as part of the build[...] `npm run build` -- builds the project". Not requiring a separate step to fetch dependencies isn't a bad affordance for people who want to be able to get annotator built with a single command after cloning, but it is inconvenient wrt other scenarios in the fact that getting all the code is itself not a single step—you fetch part of the code when you clone the repo and then the rest of it (i.e. the dependencies) right before build. This is not unusual for npm-based projects, but it is inconvenient all the same (and unnecessary). Rather than requiring folks who are merely building annotator fetch dependencies on top, we can dictate that maintainers be responsible for fetching them (at the same time they're that they're affirming, after a package has been changed upstream, that its newest release releases does in fact comprise part of a platform on which annotator can be built). **Expected benefit** Being able to build offline—as long as you've already cloned the repo, then you have what you need to build the project (common expectation up until ~10 years ago, when people started making build scripts hit the network to dynamically fetch other pieces). Reproducible builds—under the status quo, a developer may successfully build and deploy annotator and then at some later point another developer (or the same person, even) might check out the exact same tag/branch/commit and not be able to successfully complete the build because a dependency has changed upstream. (package-lock.json tries to solve this, but it doesn't, and it's just one big attempt to work around the fact that `npm install` and similar workflows are designed to keep people from being able to get dependencies at the same time that they're getting the application code.) See also: * "Dependencies belong in version control." <https://www.forrestthewoods.com/blog/dependencies-belong-in-version-control/> * "I hate npm so much." <https://social.lol/@bw/111293266036805485> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@annotator.apache.org.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
