metron-dev mailing list archives

From Nick Allen <n...@nickallen.org>
Subject Re: [DISCUSS] Using Yarn package manager for metron-alerts
Date Wed, 16 Aug 2017 20:51:11 GMT
It is also my understanding that there is no hard cut-over to yarn. After we
introduce the yarn.lock, as a developer you can choose to continue to use npm
or switch to yarn.

> Other developers on the project can keep using npm, so you don’t need to
> get everyone on your project to convert at the same time. The developers
> using yarn will all get exactly the same configuration as each other, and
> the developers using npm may get slightly different configurations, which
> is the intended behavior of npm.


https://yarnpkg.com/lang/en/docs/migrating-from-npm/

Oh, and I just switched metron-alerts projects to yarn (as a test) and
performed an offline install.  It was stupid simple.




On Wed, Aug 16, 2017 at 4:12 PM Nick Allen <nick@nickallen.org> wrote:

> Thanks for laying this all out for us, Raghu.  Based on the built-in
> support for offline installs and version locking, I think this is a great
> suggestion. (However unfortunate the namespace collision might be.)
>
> On Wed, Aug 16, 2017 at 8:51 AM RaghuMitra Kandikonda <
> raghumitra.ksv@gmail.com> wrote:
>
>> I would like to start a discussion around using 'yarn' for managing
>> dependencies for metron-alerts instead of 'npm'.
>>
>> This article beautifully summarizes the need of yarn and npm.
>> (https://code.facebook.com/posts/1840075619545360)
>>
>> If you have read the above article you can skip the next two sections
>> and jump to 'Additional advantages of Yarn'
>>
>> ============================================================
>> Why do we need a new package manager?
>>
>> While 'npm' does a good job of downloading all the required
>> dependencies, npm always tries to download the latest and greatest
>> versions of all these dependencies. This would create a problem in
>> replicating the same build every time we build. Having hard-coded
>> versions in the package.json seems like a possible solution, but this
>> will prevent us from knowing that a library has been updated. In the JS
>> world the version updates are very frequent and we might be missing out on
>> some of the latest updates, and some of these updates might be related
>> to security or a cool feature we would like to have in our code base.
>> Ex: Angular made 10 releases in the last two months, bootstrap made 2
>> releases in the last two months.
>>
>> ============================================================
>> What is Yarn?
>>
>> Yarn is a new age package manager that can (needs to) be installed
>> over npm (or bower). Yarn resolves issues around versioning and
>> non-determinism of JS dependencies by using lock files and an install
>> algorithm that is deterministic and reliable. These lock files lock
>> the installed dependencies to a specific version and ensure that every
>> install results in the exact same file structure in node_modules
>> across all machines. This kind of a locking mechanism is not available
>> with vanilla node.
>>
>> ============================================================
>> Additional advantages of Yarn
>>
>> 1. Yarn helps us to check licenses of all the frameworks we are using.
>>    (This feature is built in)
>> 2. It will reduce the build time of UI for dev as well as in Travis as
>>    all the dependencies are cached inside '~/.config/yarn/global'
>> 3. We can do an offline install of UI as we can zip the dependencies
>>    and supply it to Yarn instead of downloading from the internet
>> 4. Yarn is already integrated with Travis
>> (https://blog.travis-ci.com/2016-11-21-travis-ci-now-supports-yarn)
>>
>> ============================================================
>> How to migrate?
>>
>> A yarn.lock file can be created from the existing package.json file and
>> this file would be checked in.
>>
>> ============================================================
>> How does the process change?
>>
>> 1. All the developers would use 'npm install' so that they can get the
>>    latest versions of the dependencies.
>> 2. The build would use 'yarn install'. (This change would be made in
>>    the metron-alerts pom.xml file)
>> 3. When the dev notices that a new version of the library is available
>>    we can test it thoroughly and update the yarn.lock file
>>
>> ============================================================
>>
>> I am not aware of any other package manager that can do this for us; I
>> can explore others if you have a suggestion.
>>
>>
>> -Raghu Mitra
>>
>
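
The thread above relies on a checked-in yarn.lock to pin the build. As an added example (not part of the original messages and not metron-alerts code), this Node.js sketch audits a yarn.lock v1 file before it is committed: every entry must have a pinned version and an https registry URL carrying a sha1 fragment, and every range in package.json must have a lock entry. The host allow-list, the package names and the sample lockfile are constructed assumptions.

```javascript
// Added example, not metron-alerts code. The host allow-list is an assumption.
const ALLOWED_HOSTS = new Set(['registry.yarnpkg.com', 'registry.npmjs.org']);

// Parse yarn.lock v1 text into [{ specs, version, resolved }]. An unindented
// line is an entry header: comma-separated "name@range" specs ending in ':'.
function parseYarnLock(text) {
  const entries = [];
  let cur = null;
  for (const line of text.split(/\r?\n/)) {
    if (!line.trim() || line.startsWith('#')) continue;
    if (!line.startsWith(' ')) {
      const specs = line.replace(/:$/, '').split(',')
        .map(s => s.trim().replace(/^"|"$/g, ''));
      entries.push(cur = { specs, version: null, resolved: null });
    } else if (cur) {
      const m = line.match(/^  (version|resolved) "(.*)"$/);
      if (m) cur[m[1]] = m[2];
    }
  }
  return entries;
}

// Return findings; an empty array means every dependency is pinned and verifiable.
function auditLock(lockText, pkg) {
  const findings = [];
  const locked = new Set();
  for (const e of parseYarnLock(lockText)) {
    const id = e.specs[0];
    e.specs.forEach(s => locked.add(s));
    if (!e.version) findings.push(`${id}: no pinned version`);
    let url;
    try { url = new URL(e.resolved); } catch (err) { findings.push(`${id}: missing or invalid resolved URL`); continue; }
    if (url.protocol !== 'https:') findings.push(`${id}: not fetched over https`);
    if (!ALLOWED_HOSTS.has(url.hostname)) findings.push(`${id}: unexpected host ${url.hostname}`);
    if (!/^#[0-9a-f]{40}$/.test(url.hash)) findings.push(`${id}: no sha1 on resolved URL`);
  }
  const deps = Object.assign({}, pkg.dependencies, pkg.devDependencies);
  for (const [name, range] of Object.entries(deps)) {
    if (!locked.has(`${name}@${range}`)) findings.push(`${name}@${range}: not in yarn.lock`);
  }
  return findings;
}
// Constructed sample input: hypothetical package names, placeholder hash.
const SAMPLE_PKG = { dependencies: { 'example-ui-lib': '^1.1.0', 'example-unlocked-lib': '^2.0.0' } };
const SAMPLE_LOCK = `# yarn lockfile v1
example-ui-lib@^1.1.0:
  version "1.1.3"
  resolved "https://registry.yarnpkg.com/example-ui-lib/-/example-ui-lib-1.1.3.tgz#${'0'.repeat(40)}"
`;
console.log(auditLock(SAMPLE_LOCK, SAMPLE_PKG));
```

A non-empty result is a reason to fail the build step before 'yarn install' runs, since it means the lock no longer covers package.json or points somewhere unexpected.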
