react-slingshot
Consolidate on a single package manager
I was reviewing StackOverflow and found this question: "Why does react slingshot repo uses both, Npm and yarn?". After reading the answer I found myself agreeing heavily that we should stick with just one.
Looking at our appveyor file, there is not a clear winner as we use yarn for installs, but npm for tasks/scripts.
Looking at our travis file, we are exclusively using yarn.
Personally I prefer npm and would recommend that, due to its high level of inclusion.
However, given that we have a high commitment to yarn, we may want to move forward with that.
What are your thoughts?
I'm fine with going to just npm for all our CI. It's a lot faster now and has a lock file like yarn, so builds are deterministic.
If users prefer yarn, when they clone or fork the repo and install via yarn, their yarn.lock file will be generated and they can go from there.
The only question I have is for CI. Do we need to explicitly install a version of npm that supports the package-lock.json file?
Unfortunately, there's a cross-plat bug in npm:
In fact, on my project at work, we've added a .npmrc with this:
save-exact=true
# Disabling npm 5 package-lock files since they don't work properly cross-platform per https://github.com/npm/npm/issues/17722
# You can still use npm, but it'll be slower. We're using yarn for development.
package-lock=false
I thought I recalled you mentioning that. I am fine postponing this consolidation until that is resolved or we go with yarn since removing yarn and using npm is much simpler.
We could also continue using both, just a thought.
@coryhouse, it seems as of npm 5.4.2 the issue is solved with package-lock.json, https://github.com/npm/npm/issues/17979#issuecomment-332701215 . Is this the issue you were referring to?
@nickytonline - Geez, sorry I missed your reply. This is the issue I'm referring to: https://github.com/npm/npm/issues/17722
I recently saw a repo where they ignored lock files. What do we think about doing that here?
I think as a boilerplate it makes sense to not really pick a side and have a lock file.
On the other hand, users should be able to download and go. This would add a step they need to go to use this in a real system. That being said it could be a step of the clean up script we have.
I am using react-slingshot in one project, I plan to remove yarn.lock file and continue with npm, what other changes do I have to make in the app then?
Just removing yarn.lock should be enough. Let me know if you have any issues.
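The mixed setup discussed in this thread (yarn for installs and npm for scripts in CI, a lock file for one tool or both, and the package-lock=false line in .npmrc) can be checked mechanically. The following is an added example, not part of the original thread or of the react-slingshot repo; the function names, the matching heuristic and the sample file contents are constructed for illustration.

```javascript
// Added example: audit a repo snapshot for mixed npm/yarn usage (heuristic).
// `files` maps a path to its text content; the sample at the bottom is constructed.
const LOCKFILES = { yarn: 'yarn.lock', npm: 'package-lock.json' };
const CI_FILES = ['.travis.yml', 'appveyor.yml'];
const NPM_INSTALL = new Set(['install', 'i', 'ci']);

// Which managers does a CI file use for installs, and which for running scripts?
function ciUsage(text) {
  const usage = { install: new Set(), run: new Set() };
  for (const raw of text.split('\n')) {
    const line = raw.replace(/#.*$/, ''); // drop YAML comments
    for (const [, mgr, sub] of line.matchAll(/(?:^|[\s:"'&|;])(yarn|npm)(?:[ \t]+([a-z][\w:-]*))?/g)) {
      // bare `yarn` and `yarn install` install; so do `npm install`, `npm i`, `npm ci`
      const installs = mgr === 'yarn' ? (!sub || sub === 'install') : NPM_INSTALL.has(sub);
      usage[installs ? 'install' : 'run'].add(mgr);
    }
  }
  return usage;
}

// True when .npmrc turns off package-lock.json, as in the snippet quoted in the thread.
function npmLockDisabled(npmrc = '') {
  return npmrc.split('\n').some(l => /^\s*package-lock\s*=\s*false\s*$/.test(l));
}

function auditPackageManagers(files) {
  const committed = Object.keys(LOCKFILES).filter(m => LOCKFILES[m] in files);
  const findings = [];
  if (committed.length > 1) findings.push('both yarn.lock and package-lock.json are committed');
  if (committed.length === 0) findings.push('no lock file committed: installs are not pinned');
  if (npmLockDisabled(files['.npmrc']) && committed.includes('npm'))
    findings.push('.npmrc sets package-lock=false but package-lock.json is committed');
  for (const f of CI_FILES.filter(n => n in files)) {
    const { install, run } = ciUsage(files[f]);
    for (const m of install)
      if (!committed.includes(m)) findings.push(`${f}: installs with ${m} but ${LOCKFILES[m]} is not committed`);
    for (const m of run)
      if (install.size && !install.has(m)) findings.push(`${f}: installs with ${[...install].join('/')} but runs scripts with ${m}`);
  }
  return findings;
}

// Constructed sample mirroring the thread: appveyor installs with yarn, runs scripts with npm.
const sample = {
  'yarn.lock': '# yarn lockfile v1\n',
  '.npmrc': 'save-exact=true\npackage-lock=false\n',
  '.travis.yml': 'install:\n  - yarn\nscript:\n  - yarn test\n',
  'appveyor.yml': 'install:\n  - yarn\ntest_script:\n  - npm run lint\n  - npm test\n',
};
console.log(auditPackageManagers(sample));
```

An empty result means CI installs from a lock file that is actually committed and uses one tool throughout, which is the property that keeps dependency versions pinned between a contributor's machine and the build.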