xterm.js icon indicating copy to clipboard operation
xterm.js copied to clipboard
verified publisher icon xtermjs

Replace yarn with npm

Open Tyriar opened this issue 1 year ago • 4 comments

npm has long had the performance changes we switched to yarn for. Also we're stuck on yarn v1 (https://github.com/xtermjs/xterm.js/issues/5175) and VS Code has switched back to npm and it would be nice to keep them in sync.

Tyriar avatar Dec 12 '24 14:12 Tyriar

I'd love to work on this issue, but I'd like to ask: what parts of xterm.js use yarn? And since it's already possible to use npm manually, do you mean that we should change the default package manager to be npm instead of yarn?

GreggZumbari avatar Mar 03 '25 00:03 GreggZumbari

@GreggZumbari this would be best to be someone on the core team to do as dependencies are a common attack surface for supply chain attacks.

Tyriar avatar Mar 03 '25 14:03 Tyriar

Gotcha, I'll find a different issue.

GreggZumbari avatar Mar 04 '25 01:03 GreggZumbari

@Tyriar - Could I get clarification on what is stuck -- is it that the yarn.lock file has a full set of dependencies pinned - so that the versions need to be matched?

In my experience, Yarn 4 works well, has greater security features and more flexibility than npm. While this seems to be a closed case, may I suggest looking into developing an appropriate .yarnrc.yml which would bring Yarn up to date? corepack remains a part of the standard node.js distribution, making corepack enable straightforward.

Downchuck avatar Jun 01 '25 19:06 Downchuck

@Downchuck yarn is an extra tool when npm that ships with node is sufficient for our use cases. It may be better in various ways, but it's not that important given our use case.

Tyriar avatar Nov 01 '25 21:11 Tyriar