yarnpkg / yarn Goto Github PK
View Code? Open in Web Editor NEWThe 1.x line is frozen - features and bugfixes now happen on https://github.com/yarnpkg/berry
Home Page: https://classic.yarnpkg.com
License: Other
The 1.x line is frozen - features and bugfixes now happen on https://github.com/yarnpkg/berry
Home Page: https://classic.yarnpkg.com
License: Other
So, as I suspected, you are using symlinks for generating all those node_modules. Unfortunately, watchman doesn't support symlinks. This has been a longstanding issue (can't use npm link) and we need to figure out a solution with the watchman team.
When we're outputting an error from a dependency show it's relationship to one of the dependencies a user actually knows about.
I dunno how this would work but it would be epic.
I think it would be nice to explore a way of publishing other than npm publish
.
Right now I stay logged out of npm on my machine and I run npm login
npm publish
npm logout
every time I want to publish a package. Maybe this could just be an alias of that.
I guess the decision is still to be made if this is going to be a complete replacement for npm. In the meantime here is a semi-organized list of commands (and aliases) on npm today.
Display local information:
Display remote information:
Run local scripts:
Modify local package:
Modify remote package:
Staring:
Authentication:
Dependency managment:
Misc:
I just tried kpm for fun on a side project (react-dnd).
When I run kpm install
I get:
kpm i
kpm install v0.0.0
info No lockfile found.
[1/4] π Resolving and fetching packages...
β webpack-dev-server@^1.8.2Error: http://registry.npmjs.org/disposables/-/disposables-1.0.1.tgz: invalid tar file
at Extract.Parse._startEntry (/Users/dan/p/kpm/node_modules/tar/lib/parse.js:149:13)
at Extract.Parse._process (/Users/dan/p/kpm/node_modules/tar/lib/parse.js:131:12)
at BlockStream.<anonymous> (/Users/dan/p/kpm/node_modules/tar/lib/parse.js:47:8)
at emitOne (events.js:77:13)
at BlockStream.emit (events.js:169:7)
at BlockStream._emitChunk (/Users/dan/p/kpm/node_modules/block-stream/block-stream.js:145:10)
at BlockStream.write (/Users/dan/p/kpm/node_modules/block-stream/block-stream.js:45:10)
at Extract.Parse.write (/Users/dan/p/kpm/node_modules/tar/lib/parse.js:81:23)
at Unzip.ondata (_stream_readable.js:528:20)
at emitOne (events.js:77:13)
Curious whether this is a bug, or if I misunderstand something and canβt use kpm
there.
When installing react-native
we hit peak memory usage of 259.90MB. This should be minimised as much as possible. We could have a disk cache but then we're just reimplementing virtual memory which is silly.
Useful if something gets corrupted. Like npm cache clean
.
When running kpm install
, clear dependencies inside node_modules
not specified in the package.json
.
If an install take 10 seconds.. but some packages take up the majority of the time... we should let the user know and give them a way to file an upstream bug with the package to speed things up.
Timing is going to be sort of tricky as a lot of stuff is parallel which could delay package resolution.
This issue is a wip outlining a number of ideas that were discussed with @kittens 2/5/2016. Storing my thoughts and will expand with comments/reasoning.
kpm install
Would be nice if I could say kpm update <lib-name> <other-lib>
which would only update those, and it's unique deps, if this can't be satisfied some helpful error is provided.
This would allow for very controlled an granular updates, without fear of wider side affects.
Now in other cases, without arguments maybe, it should update all dependencies.
JSON is not sufficient.
Something like Gemfile.lock
: https://github.com/discourse/discourse/blob/master/Gemfile.lock
It's version control friendly. Alphabetised and doesn't have superfluous punctuation that will cause conflicts such as commas etc.
Not sure if we need to do this
Chrome does this for extensions. Could use their heuristics for inspiration.
https://github.com/ChALkeR/notes/blob/master/Do-not-underestimate-credentials-leaks.md
For example the react
package might want to declare in it's package.json
that only one of it should exist and if we resolve to multiple versions then we should error.
Would be cool if we baked engine-deps into core
This will probably require some internal trickery but will be worth it for ecosystem integration.
What should the default behaviour be? A warning? Hard error? Prompt the user and make them type "yes"? Nothing?
We also possibly need the ability to specify bad licenses.
kpm
is silly. Doesn't really mean anything. [a-z]pm
is overdone.
Lets just avoid this entire pitfall
for publish actions we will need a special flow, but by default I think it should not let you do any command as a logged in user.
We don't do anything with dest
passed to fetch()
Firing off N number of concurrent requests can blow up some peps routers and or computers.
We should make sure kpm has very smart backoff and retry logic
These don't go through the request manager (but probably should).
Avoid conflicts when resolving from multiple registries in the same package resolver session
A declarative, efficient, and flexible JavaScript library for building user interfaces.
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. πππ
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google β€οΈ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.