metron-dev mailing list archives

From Nick Allen <n...@nickallen.org>
Subject Re: [DISCUSS] Using Yarn package manager for metron-alerts
Date Wed, 16 Aug 2017 20:12:23 GMT
Thanks for laying this all out for us, Raghu.  Based on the built-in
support for offline installs and version locking, I think this is a great
suggestion. (However unfortunate the namespace collision might be.)

On Wed, Aug 16, 2017 at 8:51 AM RaghuMitra Kandikonda <
raghumitra.ksv@gmail.com> wrote:

> I would like to start a discussion around using 'yarn' for managing
> dependencies for metron-alerts instead of 'npm'.
>
> This article beautifully summarizes the need for yarn and npm.
> (https://code.facebook.com/posts/1840075619545360)
>
> If you have read the above article you can skip the next two sections
> and jump to 'Additional advantages of Yarn'
>
>
> =======================================================================================================================================
> Why do we need a new package manager?
>
> While 'npm' does a good job of downloading all the required
> dependencies, npm always tries to download the latest and greatest
> versions of all these dependencies. This would create a problem in
> replicating the same build every time we build. Having hard coded
> versions in the package.json seems like a possible solution but this
> will prevent us from knowing that a library has been updated. In the JS
> world the version updates are very frequent and we might be missing out on
> some of the latest updates and some of these updates might be related
> to security or a cool feature we would like to have in our code base.
> Ex: Angular made 10 releases in the last two months, bootstrap made 2
> releases in the last two months.
>
>
> =======================================================================================================================================
> What is Yarn?
>
> Yarn is a new age package manager that can (needs to) be installed
> over npm (or bower). Yarn resolves issues around versioning and
> non-determinism of JS dependencies by using lock files and an install
> algorithm that is deterministic and reliable. These lock files lock
> the installed dependencies to a specific version and ensure that every
> install results in the exact same file structure in node_modules
> across all machines. This kind of a locking mechanism is not available
> with vanilla node.
>
>
> =======================================================================================================================================
> Additional advantages of Yarn?
>
> 1. Yarn helps us to check licenses of all the frameworks we are using.
> (This feature is built in)
> 2. It will reduce the build time of UI for dev as well as in Travis as
> all the dependencies are cached inside '~/.config/yarn/global'
> 3. We can do an offline install of UI as we can zip the dependencies
> and supply it to Yarn instead of downloading from the internet
> 4. Yarn is already integrated with Travis
> (https://blog.travis-ci.com/2016-11-21-travis-ci-now-supports-yarn)
>
>
> =======================================================================================================================================
> How to migrate?
>
> A yarn.lock file can be created from existing package.json file and
> this file would be checked in.
>
>
> =======================================================================================================================================
> How does the process change?
>
> 1. All the developers would use 'npm install' so that they can get the
> latest versions of the dependencies.
> 2. The build would use 'yarn install'. (This change would be made in
> the metron-alerts pom.xml file.)
> 3. When the dev notices that a new version of the library is available
> we can test it thoroughly and update the yarn.lock file.
>
>
> =======================================================================================================================================
>
> I am not aware of any other package manager that can do this for us; I
> can explore others if you have a suggestion.
>
>
> -Raghu Mitra
>
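
The proposal above has developers running 'npm install' while the build runs 'yarn install' against a checked-in yarn.lock, so package.json can drift away from the lock file. The following is an added example, not part of the thread or of the Metron code base: it parses a v1 yarn.lock and lists declared dependencies that have no lock entry. The package names, versions and registry URL are constructed sample data.

```javascript
// Added example; package names, versions and the URL are constructed.

// Parse a v1 yarn.lock into a Map of "name@range" pattern -> pinned version.
function parseYarnLock(text) {
  const pinned = new Map();
  let patterns = [];
  for (const line of text.split(/\r?\n/)) {
    if (line.trim() === '' || line.startsWith('#')) continue;
    if (!line.startsWith(' ')) {
      // Entry header: comma-separated patterns, optionally quoted, ending ':'.
      patterns = line.replace(/:\s*$/, '').split(',')
        .map((p) => p.trim().replace(/^"|"$/g, ''));
    } else {
      // Two-space indent is the entry's own field, not a nested dependency.
      const m = line.match(/^ {2}version "(.+)"$/);
      if (m) patterns.forEach((p) => pinned.set(p, m[1]));
    }
  }
  return pinned;
}

// Declared dependencies with no matching lock entry: the install would have to
// resolve these afresh, so the build is not reproducible for them.
function findUnlocked(pkg, lockText) {
  const pinned = parseYarnLock(lockText);
  const declared = { ...pkg.dependencies, ...pkg.devDependencies };
  return Object.entries(declared)
    .map(([name, range]) => `${name}@${range}`)
    .filter((pattern) => !pinned.has(pattern))
    .sort();
}

const samplePkg = {
  dependencies: { 'example-ui': '^4.1.0', '@example/core': '^2.0.0' },
  devDependencies: { 'example-lint': '~1.3.0' },
};
const sampleLock = [
  '# yarn lockfile v1',
  '',
  '"@example/core@^2.0.0":',
  '  version "2.4.1"',
  '  resolved "https://registry.example.invalid/core-2.4.1.tgz#0000"',
  '',
  'example-ui@^4.0.0, example-ui@^4.1.0:',
  '  version "4.3.5"',
].join('\n');

console.log(findUnlocked(samplePkg, sampleLock));
```

In a build, 'yarn install --frozen-lockfile' makes Yarn fail instead of silently updating yarn.lock when the two files disagree.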
