react-slingshot icon indicating copy to clipboard operation
react-slingshot copied to clipboard

Published 20 hours ago verified publisher icon coryhouse

Consolidate on a single package manager

Open kwelch opened this issue 6 years ago • 8 comments

I was reviewing StackOverflow and found this question. Why does react slingshot repo uses both, Npm and yarn? . After reading the answer I found myself agreeing heavily that we should stick with just once.

Looking at our appveyor file, there is not a clear winner as we use yarn for installs, but npm for tasks/scripts.

Looking at our travis file, we are exclusively using yarn.

Personally I prefer npm and would recommend that, due to is high level of inclusion.

However given that we are a high commitment to yarn we may want to move forward with that.

What are you thoughts?

kwelch avatar Jan 05 '18 15:01 kwelch

I'm fine with going to just npm for all our CI. It's a lot faster now and has a lock file like yarn, so builds are deterministic.

If users prefer yarn, when they clone or fork the repo and install via yarn, their yarn.lock file will be generated and they can go from there.

The only question I have is for CI. Do we need to explicitly install a version of npm that supports the package-lock.json file?

nickytonline avatar Jan 05 '18 15:01 nickytonline

Unfortunately, there's a cross-plat bug in npm:

In fact, on my project at work, we've added a .npmrc with this:

save-exact=true
# Disabling npm 5 package-lock files since they don't work properly cross-platform per https://github.com/npm/npm/issues/17722
# You can still use npm, but it'll be slower. We're using yarn for development.
package-lock=false

coryhouse avatar Jan 05 '18 16:01 coryhouse

I thought I recalled you mentioning that I am fine postponing this consolidation until that is resolved or we go with yarn since removing yarn and using npm is much simplier.

We could also continue using both, just a thought.

kwelch avatar Jan 06 '18 17:01 kwelch

@coryhouse, it seems as of npm 5.4.2 the issue is solved with package-lock.json, https://github.com/npm/npm/issues/17979#issuecomment-332701215 . Is this the issue you were refererring to?

nickytonline avatar Feb 15 '18 01:02 nickytonline

@nickytonline - Geez, sorry I missed your reply. This is the issue I'm referring to: https://github.com/npm/npm/issues/17722

coryhouse avatar Apr 30 '18 11:04 coryhouse

I recently saw a repo where they ignored lock files. What do we think about doing that here?

I think as a boilerplate it make sense to not really pick a side and have a lock file.

On the other hand, users should be able to download and go. This would add a step they need to go to use this in a real system. That being said it could be a step of the clean up script we have.

kwelch avatar Dec 22 '18 02:12 kwelch

I am using react-slingshot in one project, I plan to remove yarn.lock file and continue with npm, what other changes do I have to make in the app then?

ar5had avatar Aug 20 '19 12:08 ar5had

Just removing yarn.lock should be enough. Let me know if you have any issues.

nickytonline avatar Aug 20 '19 13:08 nickytonline