Migrate to pnpm, or Yarn

Open NotAShelf opened this issue 2 years ago • 6 comments

BrayanBot is currently using npm (which, ironically, does not stand for node package manager) and as much as it is simple to use, it is slow, inefficient and insecure by default. Yarn mitigates some of its issues (and it's comparatively faster than npm) but the security concern remains. pnpm, on the other hand, is fast, efficient and secure, which is why I will recommend switching to it by default in our package.json and documentation.

Naturally, further testing remains to be done, but since pnpm stands for performant npm, compatibility should be superb.

Alternative reads:

  • https://blog.logrocket.com/javascript-package-managers-compared/
  • https://medium.com/pnpm/why-should-we-use-pnpm-75ca4bfe7d93
  • https://blog.bitsrc.io/pnpm-javascript-package-manager-4b5abd59dc9?gi=9a0f7e5e092d
  • Benchmarks

NotAShelf avatar May 22 '22 05:05 NotAShelf

This would limit users to finding hosting that gives pnpm or will give it to the user for this specific use.

NotZorino avatar May 22 '22 05:05 NotZorino

It is not really "this specific use"; it's a significant change regarding security and efficiency, which I think should be the default.

And no, it would not limit users to finding specific hosting that provides pnpm, because you can always change your package.json back to npm.

NotAShelf avatar May 22 '22 05:05 NotAShelf

This is how easy it is to change it:

	"scripts": {
		"dev": "nodemon index.js --show-errors --no-install -e js",
		"start": "node index.js",
-		"install:start": "pnpm i && node index.js --no-install",
-		"install:dev": "pnpm i && nodemon index.js --show-errors --no-install -e js"
	}
	"scripts": {
		"dev": "nodemon index.js --show-errors --no-install -e js",
		"start": "node index.js",
+		"install:start": "npm i && node index.js --no-install",
+		"install:dev": "npm i && nodemon index.js --show-errors --no-install -e js"
	}
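
Review bot: both `install:start` and `install:dev` run a plain install (`pnpm i` before, `npm i` after), and the swap touches only these two script lines, so the versions pinned in one manager's lockfile do not carry over when a user switches to the other. Consider shipping a committed lockfile for each manager you intend to support and using the lockfile-enforcing form in these scripts (`npm ci`, or `pnpm i --frozen-lockfile`), so that changing the manager does not silently change which dependency versions get installed.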

NotAShelf avatar May 22 '22 05:05 NotAShelf

Remember about AddonHandler which handles Module Installer

SimonB50 avatar May 22 '22 05:05 SimonB50

Right. In that case we can either provide an alternative download or instructions on how to migrate in between.

NotAShelf avatar May 22 '22 05:05 NotAShelf

As a side note, pnpm is (just like yarn), or rather can be, installed as an npm package, so that should not be an issue.

NotAShelf avatar May 22 '22 05:05 NotAShelf

Closing this, as pnpm is added in V2

XCraftMan52 avatar Jan 10 '23 14:01 XCraftMan52