SAFE-template icon indicating copy to clipboard operation
SAFE-template copied to clipboard
verified publisher icon SAFE-Stack

Use `npm ci` rather than `npm install` in Build.fs?

Open mattgallagher92 opened this issue 1 year ago • 5 comments

npm ci would restore dependencies specified in package-lock.json (if consistent with package.json), but not alter it. See https://docs.npmjs.com/cli/v10/commands/npm-ci. It might be faster too.

If developers want to alter what's in the lockfile, it feels like they should be deliberately running an npm install, rather than it being a side effect of build targets.

Any reason not to do this?

mattgallagher92 avatar Jun 18 '24 16:06 mattgallagher92

It seems that it's much slower! Is there something else we can do to get this working?

mattgallagher92 avatar Jun 21 '24 16:06 mattgallagher92

I am quite confident that npm ci is the preferred command for build pipelines.

It seems that it's much slower!

Where have you observed this?

I think it is better to be slow (hopefully this can be rectified) and safe than fast and potentially "dangerous".

For now I have approved this in #619 and it has been merged but we can always undo this if the slowdown is very significant and canot be resolved.

jwthomson avatar Jun 28 '24 12:06 jwthomson

Prash tested it and said that it was of the order of 10 seconds (may even have been 20) to run npm ci as compared to less than 1 second for npm install

mattgallagher92 avatar Jun 28 '24 13:06 mattgallagher92

Sorry for merging this! I did not realize @jwthomson was not aware of the discussion we had on this last week

Larocceau avatar Jun 28 '24 13:06 Larocceau

I've run each a few times locally and it is slower, at least on my machine. It was a lot slower the first time. It would be useful to test this in a real dev scenario where npm ci is being run fairly often but not lots of times in immediate succession, to get a more accurate feel for how this would work in practice.

npm ci npm install
Cold, first run 14.9s 1.2s
Successive runs ~4s ~1.2s

jwthomson avatar Jun 28 '24 15:06 jwthomson

Following some discussion around caching, I have re-run these tests making sure that they are both using fresh, empty cache directories.

I'm measuring using the following:

Measure-Command { npm install --cache C:\tmp\install-cache }
Measure-Command { npm ci --cache C:\tmp\ci-cache }

I think it is important to look at the relative times rather than the raw times. Overall I don't there's a significant difference vs last week's tests.

npm ci npm install
Cold, first run (empty cache) 7.1s 0.8s
Successive runs, without clearing cache (mean of 3) 2.6s 0.8s

jwthomson avatar Jul 05 '24 16:07 jwthomson

I think we've agreed to go ahead with this - can be closed once the latest template is released.

isaacabraham avatar Jul 19 '24 09:07 isaacabraham

We've already merged the change. This issue was open to see if we wanted to revert it 😅 As we've now agreed, let's just close the issue.

mattgallagher92 avatar Jul 19 '24 11:07 mattgallagher92