Moving from lerna to pnpm - javascript

I am currently migrating our project from Lerna to PNPM and we have a script we run I have posted it below
"postinstall": "npm run bootstrap"
"bootstrap": "lerna bootstrap --hoist",
"clean": "lerna clean -y",
is there a PNPM equivalent of Lerna bootstrap command and Lerna clean command?

You don't need any Lerna bootstrap equivalent, just get started with pnpm workspace is easy enough, you just need to add a pnpm-workspace.yaml file in your project root and add the location of your packages (which is typically packages/). As mentioned on pnpm documentation:
A workspace must have a pnpm-workspace.yaml file in its root. A workspace also may have an .npmrc in its root.
Hoisting is not recommended with pnpm and is disabled by default, but if you really want to hoist then you can add shamefully-hoist into .npmrc, see pnpm doc - shamefully-hoist
By default, pnpm creates a semistrict node_modules, meaning dependencies have access to undeclared dependencies but modules outside of node_modules do not. With this layout, most of the packages in the ecosystem work with no issues. However, if some tooling only works when the hoisted dependencies are in the root of node_modules, you can set this to true to hoist them for you.
I'm not sure about lerna clean equivalent but to remove a dependency from node module, you can use pnpm remove --recursive as per pnpm doc - remove
When used inside a workspace (with --recursive), removes a dependency (or dependencies) from every workspace package.
When used not inside a workspace, removes a dependency (or dependencies) from every package found in subdirectories.
You can see an example of all of that in Lerna-Lite pnpm-workspace.yaml and I would suggest you to take a look at Lerna-Lite and maybe not give up Lerna entirely, I created Lerna-Lite fork when Lerna was no longer maintained (it is now) and the big difference is that Lerna-Lite only has a subset of the original Lerna commands (all the Lerna commands you mentioned aren't in Lerna-Lite because all package managers now handle these better than Lerna/Lerna-Lite does), the other distinction is that it's much smaller since I also made a few commands as optional packages and only kept version and publish in the core CLI, so it's much smaller when version and publish is all you need. I also don't like the new Lerna changes and the new direction that Lerna is now heading to (it's becoming more & more another Nrwl/Nx product, because Lerna v6 is now requiring Nx behind the scene, and that is not the case with Lerna-Lite, Nx can be installed with Lerna-Lite but it's totally optional and that's the way it should and will always be in Lerna-Lite).

Related

How do I stop the prettier dependency in node_modules overriding the project .prettierrc?

In the node_modules folder there is a prettier install (package.json says "version": "1.19.1",) that is overriding the .prettierrc in my project root.
When I delete that dir, formatting returns to normal.
But this is only temporary as npm i puts it back. Something has it as a dependency, even tho searching for "prettier" or 1.19.1 only returns the package-lock.json.
I have other projects that work correctly without a node_modules installation of prettier, but this github template had it.
How can I clear this up? Ideally, I want to only use the project level .prettierrc.
You can find out which package is the culprit by searching in your package-lock.json. Each package in there has a requires field which lists its dependencies. That way you can traverse the chain to find out which dependency is causing the install.
Once you found the package, you have several options to force a specific dependency. In your case, you would force the latest version of prettier-plugin-svelte to be installed. In your case it's probably best to use npm shrinkwrap. You first add the latest version of prettier-plugin-svelte to your package.json, then do npm i, then make sure that only the latest prettier-plugin-svelte appears in your node_modules, then run npm shrinkwrap. More info here: https://nodejs.org/en/blog/npm/managing-node-js-dependencies-with-shrinkwrap/
More info and alternatives on forcing versions for various tools (npm/yarn) can be found in this StackOverflow answer: How do I override nested NPM dependency versions?

How to avoid install of packages in monorepo using Yarn

I built a monorepo using Lerna and Yarn workspaces.
Everything works fine but everytime I install a new dependency on a package (let's call him A) using:
yarn add <package_name>
Yarn adds it and then triggers the install script of all the packages in the monorepo, even the ones that A doesn't rely on.
It there anyway to avoid this? It takes a few moment to install them for no reason at all.
Try adding to the specific workspace with:-
yarn workspace <workspace_name> add <package_name>
For some docs check here
Using scope add the package to the particular module.
lerna add some_package_1 --scope=some_module_x
More: https://github.com/lerna/lerna/tree/master/commands/add#readme
You can try Yarn 2 with nodeLinker: node-modules in .yarnrc.yml. Yarn 2 guarantees to trigger rebuild only on packages that have their dependencies changed, this is something that was not guaranteed by Yarn 1. However there will still be a very rare case when seemingly unrelated packages be rebuilt if they are hoisted differently after adding new package, but this will happen very rarely.

React dev dependencies vs dependencies [duplicate]

This documentation answers my question very poorly. I didn't understand those explanations. Can someone say in simpler words? Maybe with examples if it's hard to choose simple words?
EDIT also added peerDependencies, which is closely related and might cause confusion.
Summary of important behavior differences:
dependencies are installed on both:
npm install from a directory that contains package.json
npm install $package on any other directory
devDependencies are:
also installed on npm install on a directory that contains package.json, unless you pass the --production flag (go upvote Gayan Charith's answer), or if the NODE_ENV=production environment variable is set
not installed on npm install "$package" on any other directory, unless you give it the --dev option.
are not installed transitively.
peerDependencies:
before 3.0: are always installed if missing, and raise an error if multiple incompatible versions of the dependency would be used by different dependencies.
expected to start on 3.0 (untested): give a warning if missing on npm install, and you have to solve the dependency yourself manually. When running, if the dependency is missing, you get an error (mentioned by #nextgentech) This explains it nicely: https://flaviocopes.com/npm-peer-dependencies/
in version 7 peerDependencies are automatically installed unless an upstream dependency conflict is present that cannot be automatically resolved
Transitivity (mentioned by Ben Hutchison):
dependencies are installed transitively: if A requires B, and B requires C, then C gets installed, otherwise, B could not work, and neither would A.
devDependencies is not installed transitively. E.g. we don't need to test B to test A, so B's testing dependencies can be left out.
Related options not discussed here:
bundledDependencies which is discussed on the following question: Advantages of bundledDependencies over normal dependencies in npm
optionalDependencies (mentioned by Aidan Feldman)
devDependencies
dependencies are required to run, devDependencies only to develop, e.g.: unit tests, CoffeeScript to JavaScript transpilation, minification, ...
If you are going to develop a package, you download it (e.g. via git clone), go to its root which contains package.json, and run:
npm install
Since you have the actual source, it is clear that you want to develop it, so by default, both dependencies (since you must, of course, run to develop) and devDependency dependencies are also installed.
If however, you are only an end user who just wants to install a package to use it, you will do from any directory:
npm install "$package"
In that case, you normally don't want the development dependencies, so you just get what is needed to use the package: dependencies.
If you really want to install development packages in that case, you can set the dev configuration option to true, possibly from the command line as:
npm install "$package" --dev
The option is false by default since this is a much less common case.
peerDependencies
(Tested before 3.0)
Source: https://nodejs.org/en/blog/npm/peer-dependencies/
With regular dependencies, you can have multiple versions of the dependency: it's simply installed inside the node_modules of the dependency.
E.g. if dependency1 and dependency2 both depend on dependency3 at different versions the project tree will look like:
root/node_modules/
|
+- dependency1/node_modules/
| |
| +- dependency3 v1.0/
|
|
+- dependency2/node_modules/
|
+- dependency3 v2.0/
Plugins, however, are packages that normally don't require the other package, which is called the host in this context. Instead:
plugins are required by the host
plugins offer a standard interface that the host expects to find
only the host will be called directly by the user, so there must be a single version of it.
E.g. if dependency1 and dependency2 peer depend on dependency3, the project tree will look like:
root/node_modules/
|
+- dependency1/
|
+- dependency2/
|
+- dependency3 v1.0/
This happens even though you never mention dependency3 in your package.json file.
I think this is an instance of the Inversion of Control design pattern.
A prototypical example of peer dependencies is Grunt, the host, and its plugins.
For example, on a Grunt plugin like https://github.com/gruntjs/grunt-contrib-uglify, you will see that:
grunt is a peer-dependency
the only require('grunt') is under tests/: it's not actually used by the program.
Then, when the user will use a plugin, he will implicitly require the plugin from the Gruntfile by adding a grunt.loadNpmTasks('grunt-contrib-uglify') line, but it's grunt that the user will call directly.
This would not work then if each plugin required a different Grunt version.
Manual
I think the documentation answers the question quite well, maybe you are just not familiar enough with node / other package managers. I probably only understand it because I know a bit about Ruby bundler.
The key line is:
These things will be installed when doing npm link or npm install from the root of a package and can be managed like any other npm configuration parameter. See npm-config(7) for more on the topic.
And then under npm-config(7) find dev:
Default: false
Type: Boolean
Install dev-dependencies along with packages.
If you do not want to install devDependencies you can use npm install --production
As an example, mocha would normally be a devDependency, since testing isn't necessary in production, while express would be a dependency.
dependencies
Dependencies that your project needs to run, like a library that provides functions that you call from your code.
They are installed transitively (if A depends on B depends on C, npm install on A will install B and C).
Example: lodash: your project calls some lodash functions.
devDependencies
Dependencies you only need during development or releasing, like compilers that take your code and compile it into javascript, test frameworks or documentation generators.
They are not installed transitively (if A depends on B dev-depends on C, npm install on A will install B only).
Example: grunt: your project uses grunt to build itself.
peerDependencies
Dependencies that your project hooks into, or modifies, in the parent project, usually a plugin for some other library or tool. It is just intended to be a check, making sure that the parent project (project that will depend on your project) has a dependency on the project you hook into. So if you make a plugin C that adds functionality to library B, then someone making a project A will need to have a dependency on B if they have a dependency on C.
They are not installed (unless npm < 3), they are only checked for.
Example: grunt: your project adds functionality to grunt and can only be used on projects that use grunt.
This documentation explains peer dependencies really well: https://nodejs.org/en/blog/npm/peer-dependencies/
Also, the npm documentation has been improved over time, and now has better explanations of the different types of dependencies: https://github.com/npm/cli/blob/latest/docs/content/configuring-npm/package-json.md#devdependencies
To save a package to package.json as dev dependencies:
npm install "$package" --save-dev
When you run npm install it will install both devDependencies and dependencies. To avoid install devDependencies run:
npm install --production
There are some modules and packages only necessary for development, which are not needed in production. Like it says it in the documentation:
If someone is planning on downloading and using your module in their program, then they probably don't want or need to download and build the external test or documentation framework that you use. In this case, it's best to list these additional items in a devDependencies hash.
peerDependencies didn't quite make sense for me until I read this snippet from a blog post on the topic Ciro mentioned above:
What [plugins] need is a way of expressing these “dependencies” between plugins and their host package. Some way of saying, “I only work when plugged in to version 1.2.x of my host package, so if you install me, be sure that it’s alongside a compatible host.” We call this relationship a peer dependency.
The plugin does expect a specific version of the host...
peerDependencies are for plugins, libraries that require a "host" library to perform their function, but may have been written at a time before the latest version of the host was released.
That is, if I write PluginX v1 for HostLibraryX v3 and walk away, there's no guarantee PluginX v1 will work when HostLibraryX v4 (or even HostLibraryX v3.0.1) is released.
... but the plugin doesn't depend on the host...
From the point of view of the plugin, it only adds functions to the host library. I don't really "need" the host to add a dependency to a plugin, and plugins often don't literally depend on their host. If you don't have the host, the plugin harmlessly does nothing.
This means dependencies isn't really the right concept for plugins.
Even worse, if my host was treated like a dependency, we'd end up in this situation that the same blog post mentions (edited a little to use this answer's made up host & plugin):
But now, [if we treat the contemporary version of HostLibraryX as a dependency for PluginX,] running npm install results in the unexpected dependency graph of
├── HostLibraryX#4.0.0
└─┬ PluginX#1.0.0
└── HostLibraryX#3.0.0
I’ll leave the subtle failures that come from the plugin using a different [HostLibraryX] API than the main application to your imagination.
... and the host obviously doesn't depend on the plugin...
... that's the whole point of plugins. Now if the host was nice enough to include dependency information for all of its plugins, that'd solve the problem, but that'd also introduce a huge new cultural problem: plugin management!
The whole point of plugins is that they can pair up anonymously. In a perfect world, having the host manage 'em all would be neat & tidy, but we're not going to require libraries herd cats.
If we're not hierarchically dependent, maybe we're intradependent peers...
Instead, we have the concept of being peers. Neither host nor plugin sits in the other's dependency bucket. Both live at the same level of the dependency graph.
... but this is not an automatable relationship. <<< Moneyball!!!
If I'm PluginX v1 and expect a peer of (that is, have a peerDependency of) HostLibraryX v3, I'll say so. If you've auto-upgraded to the latest HostLibraryX v4 (note that's version 4) AND have Plugin v1 installed, you need to know, right?
npm can't manage this situation for me --
"Hey, I see you're using PluginX v1! I'm automatically downgrading HostLibraryX from v4 to v3, kk?"
... or...
"Hey I see you're using PluginX v1. That expects HostLibraryX v3, which you've left in the dust during your last update. To be safe, I'm automatically uninstalling Plugin v1!!1!
How about no, npm?!
So npm doesn't. It alerts you to the situation, and lets you figure out if HostLibraryX v4 is a suitable peer for Plugin v1.
Coda
Good peerDependency management in plugins will make this concept work more intuitively in practice. From the blog post, yet again...
One piece of advice: peer dependency requirements, unlike those for regular dependencies, should be lenient. You should not lock your peer dependencies down to specific patch versions. It would be really annoying if one Chai plugin peer-depended on Chai 1.4.1, while another depended on Chai 1.5.0, simply because the authors were lazy and didn’t spend the time figuring out the actual minimum version of Chai they are compatible with.
A simple explanation that made it more clear to me is:
When you deploy your app, modules in dependencies need to be installed or your app won't work. Modules in devDependencies don't need to be installed on the production server since you're not developing on that machine.
link
I found a simple explanation.
Short Answer:
dependencies
"...are those that your project really needs to be able to work in production."
devDependencies
"...are those that you need during development."
peerDependencies
"if you want to create and publish your own library so that it can be used as a dependency"
More details in this post:
https://code-trotter.com/web/dependencies-vs-devdependencies-vs-peerdependencies
I'd like to add to the answer my view on these dependencies explanations
dependencies are used for direct usage in your codebase, things that usually end up in the production code, or chunks of code
devDependencies are used for the build process, tools that help you manage how the end code will end up, third party test modules, (ex. webpack stuff)
In short
Dependencies - npm install <package> --save-prod installs packages required by your application in production environment.
DevDependencies - npm install <package> --save-dev installs
packages required only for local development and testing
Just typing npm install installs all packages mentioned in the
package.json
so if you are working on your local computer just type npm install and continue :)
Dependencies vs dev dependencies
Dev dependencies are modules which are only required during development whereas dependencies are required at runtime. If you are deploying your application, dependencies has to be installed, or else your app simply will not work. Libraries that you call from your code that enables the program to run can be considered as dependencies.
Eg- React , React - dom
Dev dependency modules need not be installed in the production server since you are not gonna develop in that machine .compilers that covert your code to javascript , test frameworks and document generators can be considered as dev-dependencies since they are only required during development .
Eg- ESLint , Babel , webpack
#FYI,
mod-a
dev-dependents:
- mod-b
dependents:
- mod-c
mod-d
 dev-dependents:
- mod-e
dependents:
- mod-a
----
npm install mod-d
installed modules:
- mod-d
- mod-a
- mod-c
----
checkout the mod-d code repository
npm install
installed modules:
- mod-a
- mod-c
- mod-e
If you are publishing to npm, then it is important that you use the correct flag for the correct modules. If it is something that your npm module needs to function, then use the "--save" flag to save the module as a dependency. If it is something that your module doesn't need to function but it is needed for testing, then use the "--save-dev" flag.
# For dependent modules
npm install dependent-module --save
# For dev-dependent modules
npm install development-module --save-dev
Dependencies
These are the packages that your package needs to run, so they will be installed when people run
npm install PACKAGE-NAME
An example would be if you used jQuery in your project. If someone doesn't have jQuery installed, then it wouldn't work. To save as a dependency, use
npm install --save
Dev-Dependencies
These are the dependencies that you use in development, but isn't needed when people are using it, so when people run npm install, it won't install them since the are not necessary. For example, if you use mocha to test, people don't need mocha to run, so npm install doesn't install it. To save as a dev dependency, use
npm install PACKAGE --save-dev
Peer Dependencies
These can be used if you want to create and publish your own library so that it can be used as a dependency. For example, if you want your package to be used as a dependency in another project, then these will also be installed when someone installs the project which has your project as a dependency. Most of the time you won't use peer dependencies.
dependencies: packages that your project/package needs to work in production.
devDependencies: packages that your project/package needs to work while development but are not needed on production (eg: testing packages)
peerDependencies: packages that your project/package needs to work in tandem with (“colaborating” with them) or as a base, useful mainly when you are developing a plugin/component to let know with which version of the “main” package your plugin/component is supposed to work with (eg: React 16)
When trying to distribute an npm package you should avoid using dependencies. Instead you need to consider adding it into peerDependencies.
Update
Most of the time dependencies are just a bunch of libraries that describes your ecosystem. Unless, you're really using a specific version of a library you should instead let the user choose whether or not to install that library and which version to choose by adding it into the peerDependencies.
dependencies are required to run, devDependencies only to develop
When using Webpack to bundle a frontend application, the distinction between dependencies and devDependencies is not so clear. For the final bundle, it doesn't matter where you place the dependencies (but it may be important for other tools). That's why the documentation seems confusing.
I found the explanation here: Do "dependencies" and "devDependencies" matter when using Webpack?

Npm - how to manage one-repo, multi-package codebase

I’m building a node.js app that needs to be scalable and maintainable. The idea is to have one repository, but with more than one module inside it.
We are using local modules with npm, but we have a problem is that when we update a modules npm won’t update the dependent services.
here an example of the package.json
// ./app/package.json
{
"dependencies": {
"error-lib": "file:../modules/error-lib"
},
"scripts": {
"start": "node app.js",
"debug": "node --inspect-brk app.js",
},
"main": "app.js",
}
// ../modules/error-lib/pacjake.json
{
"name": "error-lib",
"version": "1.0.0",
"main": "index.ts"
}
I have one problem when a developer updates the error-lib module, an npm install command won't update the old error-lib inside app/node_modules.
I don't want to bump the version of the modules on every change because they follow the same versioning and release lifecycle.
And I don't want to rm -rf modules manually every time.
Any idea on how to automate a repo with many local modules?
TL;DR (Why one repo, many local modules)
We came from a Java background, where we have a single repo multi-module architecture managed by maven.
What we do in maven is to isolate services, common-library, data model in isolated modules.
We have only one repo for all the modules and service since everyone follows the same release cycle with a uniform versioning.
When a developer needs to apply some change he or she can update one of the modules or the services and maven will take care of every dependency and the code will be up to date and ready to rock.
But we want separate modules for many reasons:
This will force us to decouple the functionality and make code reusable since every module can virtually be placed in a separate repo at any time.
If some module will become usable outside of the repo can be externalized and maintained.
We want to achieve the same design for a new part in node.js
Looks like you need $ npm link instead, creating symlinks to your packages within ./app/node_modules. This way, the linked packages are always 'up-to-date'.
Linking a package is a 2-step process:
$ npm link at ../modules/error-lib creates a symbolic package in your global node_modules folder under the name error-lib, specified in ../modules/error-lib/package.json its "name" value.
$ npm link error-lib at ./app to create the second link inside ./app/node_modules to <global-node_modules>/error-lib.
more about npm link
Edit in response to your comment:
I've seen some drawbacks of npm link:
the dependency is not listed in the app package.json, so how I know which dependency I'm linking?
the node_modules is not committed on the repo, so the CI/CD will need to do the linking while listing modules/error-lib inside the app package.json I have a place to take track of the dependencies.
There is any best practice on how to automate npm link or to mitigate the drawbacks?
NPM packages are supposed to be distributed through the npm registry. This means that your error-lib package also should be distributed this way, and be installed as any other package. This will require you to list your package in the package.json file in advance, which is essentially what you want.
If you instead intend to keep everything in one place there is no use in using NPM at all. Just resolve your packages with relative import paths in your software.
Since you said that all the packages follow the same release cycle as your main software, and they live in the same repo, why would you resolve these packages with NPM while they seem more like just part of the software?
error-lib is either a package, or it is not. If it is, it ideally has its own CI/CD pipeline, as large or tiny as required, involving testing, building and distribution. This pipeline is then to be run before the pipeline of your dependent repositories.

How to verify an object instance? instanceof and ....prototype.isPrototypeOf(...) are not reliable [duplicate]

Whenever I make projects, I have to download all dependencies of node modules. Without copying the node_modules, Is there anyway to share the central node_modules in multiple projects?
like the followings, I have to run many commands every time..
npm install gulp-usemin
npm install gulp-wrap
npm install gulp-connect
npm install gulp-watch
npm install gulp-minify-css
npm install gulp-uglify
npm install gulp-concat
npm install gulp-less
npm install gulp-rename
npm install gulp-minify-html
You absolutely can share a node_modules directory amongst projects.
From node's documentation:
If the module identifier passed to require() is not a native module,
and does not begin with '/', '../', or './', then node starts at the
parent directory of the current module, and adds /node_modules, and
attempts to load the module from that location.
If it is not found there, then it moves to the parent directory, and
so on, until the root of the file system is reached.
For example, if the file at '/home/ry/projects/foo.js' called
require('bar.js'), then node would look in the following locations, in
this order:
/home/ry/projects/node_modules/bar.js /home/ry/node_modules/bar.js
/home/node_modules/bar.js /node_modules/bar.js
So just put a node_modules folder inside your projects directory and put in whatever modules you want. Just require them like normal. When node doesn't find a node_modules directory in your project folder, it will check the parent folder automatically. So make your directory structure like this:
-myProjects
--node_modules
--myproject1
---sub-project
--myproject2
So like this, even your sub-project's dependencies can draw on your main node_modules repository.
One drawback to doing it this way is you will have to build out your package.json file manually (unless someone knows a way to automate this with grunt or something). When you install your packages and add the --save arg to an npm install command it automatically appends it to the dependencies section or your package.json, which is convenient.
Try pnpm instead of npm.
pnpm uses hard links and symlinks to save one version of a module only ever once on a disk.
If you have npm installed, you can install in your terminal with:
npm install -g pnpm
To update your existing installations (and sub-directories) use:
pnpm recursive install
Or use the shorthand command (leave off -r if you need to target only one directory)
pnpm -r i
One helpful note: You may find some rare packages don't have all their dependencies defined. They might rely on the flat node_modules file directory structure of npm or yarn installs. If you run into issues of missing dependencies, use this command to hoist all the sub dependencies into a flat-file structure:
pnpm install --shamefully-hoist
It's best to avoid using the --shamefully-hoist flag as it defeats the purpose of using pnpm in the first place, so try using the command pnpm i your-missing-package first (See pnpm FAQ).
I found a trick, just take a look at the Symbolic Links (symlinks) on Windows or Linux, it is working just like shortcuts but more powerful.
Simply you need to make a Junction for your node_modules folder anywhere you want. The junction is nothing but a short cut to your original node_modules folder. Create it inside your project folder where the actual node_modules would have been created if used npm install.
To achieve this you need at least one node_modules real folder then make a Junction to it in the other projects.
On Windows, you can either use the Command Prompt, or use an application. Using the Command Prompt gives you a bit more control, using an application is easier I suggest Link Shell Extension.
Main directory should look like this
node_modules
Project 1
Project 2
Project 3
Project 4
just open the file Project 1/.angular-cli.json
change the schema
"$schema": "./node_modules/#angular/cli/lib/config/schema.json",
to
"$schema": "./../node_modules/#angular/cli/lib/config/schema.json"
and don't forget to create node_modules empty folder inside your project directory
See also npm v7.0.0's support for workspaces
RFC
https://github.com/npm/rfcs/blob/latest/implemented/0026-workspaces.md
Documentation
https://docs.npmjs.com/cli/v7/using-npm/workspaces
By looking at some articles it seems that Lerna
is a good tool for managing multiple projects inside a single directory (monorepo). It supports modules sharing without duplicating the entire packages in every folder and commands to install them in multiple projects.
Javascript monorepos
Monorepos by example
Building large scale apps in a monorepo
pnpm is also a simple and efficient tool, which doesn't duplicate those modules which are already installed for other projects.
Let's assume that having a single node_modules it should contain all the packages for all applications. thus your apps will also share most of the unique package.json entries (just the name should change)
my idea would be to have a single root and multiple src level as below
root\package.json
root\node_modules
root\\..
root\app1\src\\..
root\app2\src\\..
the only issue you might face would be having a backup of json (or tsconfig) for any app and restore them when you work on it or setup your startup scripts to serve any app

Categories

Resources