RFC: Switch to Yarn as recommended package manager
Here I'm suggesting using Yarn as the recommended package manager, because I've been having inconsistencies lately across npm versions. And it looks like I'm not the only one.
For instance, if I use npm v7 for installing Booster and/or Rockets, I get a bunch of postinstall errors, but if I downgrade to v6 I don't.
Also, we are pinning dependencies to specific versions, which is very bad, as we don't get security upgrades.
People tend to complain less about Yarn, and they are adding workspaces support.
The key feature of Yarn for me right now is reproducible builds, which npm constantly fails to deliver.
Thoughts?
We had a conversation about this topic in Discord today. Here's a summary of the discussion:
@javiertoledo:
We made a huge effort to drop yarn at the beginning of this year for the same reasons! The thing is that we literally dropped yarn because lerna wasn’t playing nicely with it in all workflows and we had all kinds of weird errors. Also, we had some doubts about yarn’s future. Indeed, npm 7 could potentially replace lerna with the workspaces feature: https://docs.npmjs.com/cli/v7/using-npm/workspaces
@NickSeagull's answer:
I'm not sure about what you say of npm. They announced that v6 is not maintained anymore, nor are they giving support (https://github.com/npm/cli/issues/3351), yet v7 is super buggy for many people (https://github.com/npm/cli/issues/3606) (this last issue is what happens in Booster when you use v7 in our codebase for development). It is still super weird to me that we have in our docs "Use Node v14 or newer, but not newer than v16" and now npm v7 doesn't work for developing... One thing that comes to my mind is what Haskell does for their package repositories: they build and test the projects with different versions: https://matrix.hackage.haskell.org/#/package/aws-lambda-haskell-runtime Perhaps we should add a CI/CD task that does this for unit tests in GitHub Actions, so it runs them using different Node/npm versions to ensure everything works? I don't know...
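The version-matrix idea raised in the comment above, sketched as a GitHub Actions workflow. This is an added example, not part of the thread or of the Booster repository: the Node and npm versions come from the discussion, while the file name, branch name, job name and the `npm ci` / `npm test` commands are assumptions about the project.

```yaml
# .github/workflows/compat-matrix.yml  (hypothetical file name)
name: compat-matrix

on:
  pull_request:
  push:
    branches: [main]          # assumed default branch

permissions:
  contents: read              # the job only needs to read the repository

jobs:
  unit-tests:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false        # run every combination, so one broken pair does not hide the others
      matrix:
        node: ['14', '16']    # the Node range quoted from the docs in the thread
        npm: ['6', '7']       # the two npm majors that behave differently in the thread
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: ${{ matrix.node }}
      - name: Select the npm major under test
        run: npm install -g npm@${{ matrix.npm }}
      - name: Record toolchain versions in the job log
        run: node --version && npm --version
      - name: Install strictly from the lockfile
        run: npm ci           # assumes a committed package-lock.json
      - name: Unit tests
        run: npm test         # assumes the project defines a test script
```

`npm ci` installs only what the lockfile records and fails when the lockfile disagrees with `package.json`, so a failing cell in the matrix points at the specific Node/npm pair where installs or postinstall scripts break.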
Folks can now use whatever package manager they please. Closing.