It is also my understanding that there is no hard cut-over to yarn. After we introduce the yarn.lock, as a developer you can choose to continue to use npm or switch to yarn.

> Other developers on the project can keep using npm, so you don’t need to
> get everyone on your project to convert at the same time. The developers
> using yarn will all get exactly the same configuration as each other, and
> the developers using npm may get slightly different configurations, which
> is the intended behavior of npm.

https://yarnpkg.com/lang/en/docs/migrating-from-npm/

Oh, and I just switched metron-alerts projects to yarn (as a test) and performed an offline install. It was stupid simple.

On Wed, Aug 16, 2017 at 4:12 PM Nick Allen <n...@nickallen.org> wrote:

> Thanks for laying this all out for us, Raghu. Based on the built-in
> support for offline installs and version locking, I think this is a great
> suggestion. (However unfortunate the namespace collision might be.)
>
> On Wed, Aug 16, 2017 at 8:51 AM RaghuMitra Kandikonda <
> raghumitra....@gmail.com> wrote:
>
>> I would like to start a discussion around using 'yarn' for managing
>> dependencies for metron-alerts instead of 'npm'.
>>
>> This article beautifully summarizes the need of yarn and npm.
>> (https://code.facebook.com/posts/1840075619545360)
>>
>> If you have read the above article you can skip the next two sections
>> and jump to 'Additional advantages of Yarn'
>>
>> ============================================================
>> Why do we need a new package manager?
>>
>> While 'npm' does a good job of downloading all the required
>> dependencies, npm always tries to download the latest and greatest
>> versions of all these dependencies. This would create a problem in
>> replicating the same build every time we build. Having hard coded
>> versions in the package.json seems like a possible solution but this
>> will prevent us from knowing that a library has been updated. In JS
>> world the version updates are very frequent and we might be missing out on
>> some of the latest updates and some of these updates might be related
>> to security or a cool feature we would like to have in our code base.
>> Ex: Angular made 10 releases in the last two months, bootstrap made 2
>> releases in the last two months.
>>
>> ============================================================
>> What is Yarn?
>>
>> Yarn is a new age package manager that can (needs to) be installed
>> over npm (or bower). Yarn resolves issues around versioning and
>> non-determinism of JS dependencies by using lock files and an install
>> algorithm that is deterministic and reliable. These lock files lock
>> the installed dependencies to a specific version and ensure that every
>> install results in the exact same file structure in node_modules
>> across all machines. This kind of a locking mechanism is not available
>> with vanilla node.
>>
>> ============================================================
>> Additional advantages of Yarn?
>>
>> 1. Yarn helps us to check licenses of all the frameworks we are using.
>>    (This feature is built in)
>> 2. It will reduce the build time of UI for dev as well as in Travis as
>>    all the dependencies are cached inside '~/.config/yarn/global'
>> 3. We can do an offline install of UI as we can zip the dependencies
>>    and supply it to Yarn instead of downloading from the internet
>> 4. Yarn is already integrated with Travis
>>    (https://blog.travis-ci.com/2016-11-21-travis-ci-now-supports-yarn)
>>
>> ============================================================
>> How to migrate?
>>
>> A yarn.lock file can be created from existing package.json file and
>> this file would be checked in.
>>
>> ============================================================
>> How does the process change?
>>
>> 1. All the developers would use 'npm install' so that they can get the
>>    latest versions of the dependencies.
>> 2. The build would use 'yarn install'. (This change would be made in
>>    metron-alerts pom.xml file)
>> 3. When the dev notices that a new version of the library is available
>>    we can test it thoroughly and update yarn.lock file
>>
>> ============================================================
>>
>> I am not aware of any other package manager that can do this for us, I
>> can explore others if you have a suggestion.
>>
>>
>> -Raghu Mitra
>
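
The version locking discussed in this thread can be checked mechanically once yarn.lock is committed. The following is an added example, not part of the original messages or of Metron's code: a simplified parser for the yarn v1 lock-file text format, plus a check that every range declared in package.json has a locked entry and that every locked tarball comes from an expected registry host. The helper names `parseYarnLock` and `checkLock`, the package names, versions, hashes and the `mirror.invalid` host are all constructed for illustration.

```javascript
// Simplified yarn.lock (v1 text format) parser: reads only the entry headers
// and the "version" / "resolved" fields, which is all this check needs.
function parseYarnLock(text) {
  const locked = new Map(); // "name@range" -> { version, resolved }
  let current = null;
  for (const line of text.split(/\r?\n/)) {
    if (!line.trim() || line.startsWith('#')) continue;
    if (!line.startsWith(' ')) {
      // Entry header: comma-separated "name@range" keys, terminated by ":"
      current = { version: null, resolved: null };
      for (const key of line.replace(/:$/, '').split(',')) {
        locked.set(key.trim().replace(/^"|"$/g, ''), current);
      }
    } else if (current) {
      const m = line.match(/^  (version|resolved) "(.*)"$/);
      if (m) current[m[1]] = m[2];
    }
  }
  return locked;
}

// Report declared ranges with no lock entry (the install would not be pinned)
// and lock entries whose tarball is fetched from a host outside the allow-list.
function checkLock(pkg, locked, allowedHosts) {
  const problems = [];
  const declared = { ...pkg.dependencies, ...pkg.devDependencies };
  for (const [name, range] of Object.entries(declared)) {
    if (!locked.has(`${name}@${range}`)) problems.push(`unlocked: ${name}@${range}`);
  }
  for (const [key, entry] of locked) {
    const host = entry.resolved ? new URL(entry.resolved).host : '(none)';
    if (!allowedHosts.includes(host)) problems.push(`unexpected source: ${key} -> ${host}`);
  }
  return problems;
}

// Constructed sample data (hypothetical packages, versions and hashes).
const SAMPLE_LOCK = `# yarn lockfile v1

example-framework@^4.1.0:
  version "4.3.5"
  resolved "https://registry.yarnpkg.com/example-framework/-/example-framework-4.3.5.tgz#0000000000000000000000000000000000000000"

"@example/css@^2.0.0", "@example/css@^2.1.0":
  version "2.1.4"
  resolved "https://mirror.invalid/css-2.1.4.tgz#1111111111111111111111111111111111111111"
`;
const SAMPLE_PKG = { dependencies: { 'example-framework': '^4.1.0', '@example/css': '^2.0.0', 'example-charts': '^1.0.0' } };

console.log(checkLock(SAMPLE_PKG, parseYarnLock(SAMPLE_LOCK), ['registry.yarnpkg.com']));
```
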