Yarn's "workspaces" are not used in a Rush repo, since they rely on an installation model that doesn't protect against phantom dependencies.
Yarn installs faster than NPM (although somewhat slower than PNPM). Rush's support for Yarn is relatively new and unproven, so we're eager to hear about issues and get them fixed. PNPM is currently the only option that supports the -strict-peer-dependencies protection (see "strictPeerDependencies" in rush.json). Microsoft uses PNPM in Rush repos with hundreds of projects and hundreds of PRs per day, and we've found it to be very fast and reliable.
PNPM is newer and less widely used than NPM or Yarn, but it's a solid piece of software. (The PNPM Discord chat room is a great resource for help, though.) Most "bad" packages have straightforward fixes, but it may seem daunting for a small team. The incompatibilities generally reflect real problems with those packages: (1) forgetting to list dependencies in the package.json file, or (2) implementing homebrew module resolution without handling symlinks according to the standard. Teams who migrate existing projects from Yarn/NPM to PNPM often encounter "bad packages" that need workarounds or fixes. In a complex monorepo, doppelgangers sometimes cause a lot of trouble, so PNPM has an important advantage in this regard.Īlthough PNPM's symlinking strategy correctly follows the modern NodeJS module resolution standard, many legacy packages do not, which causes compatibility problems. PNPM is the only option that solves the NPM doppelgangers problem. We still accept these issues, but we track them differently. If that eliminates the repro, then your issue is likely an NPM regression and may not be fixable in the Rush code base. We're using GitHub issue #886 to track this effort.)īefore reporting a Rush bug involving the NPM package manager, first try downgrading to "npmVersion": "4.5.0". (We'd greatly appreciate community help improving this situation. NPM 4.5.0 is the most recent version that's known to work very reliably, but unfortunately it's pretty old. NPM 5.x and 6.x are both known to have unresolved regressions that cause trouble in Rush repos. If you choose NPM, you may need to use an older release. NPM is the most compatible choice, and the most forgiving for dealing with "bad" packages. The Rush developers don't endorse a particular package manager, but here are some observations based on our experience from managing our own monorepos: Considerations for NPM PNPM: A fundamentally new installation model that solves the "phantom dependency" and "NPM doppelganger"" problems, while cleverly making use of symlinks to remain 100% compatible with the NodeJS module resolution standard. Yarn workspaces) that facilitate large scale development.
Yarn: a complete rewrite of the NPM tool that preserves the same installation model, but promises faster installations, better reliability, and some cool new features (e.g. The tool's developers also maintain the registry, which is currently the most popular place to distribute open source JavaScript libraries. NPM: the tool that pioneered the packaging standard and registry protocol used by most JavaScript package managers today. (Our community loves flexibility and choices, so of course there's not just one!) Rush supports the three most popular package managers. Before you can start installing a JavaScript library, you need to choose which package manager you will use.
0 kommentar(er)
