NPM: should I use one of my dependencies' dependencies, or should I explicitly install it into the project at the root level?

TL;DR Summary

(I'm using Lodash as an example here, but it could be any other package)

In addition to using Lodash for its own purposes, my application also needs to import JavaScript from an NPM package that I created. The JavaScript in this package relies on Lodash as well. It's possible that each codebase may have installed a different version of Lodash. If JavaScript in my application and JavaScript in the installed package both import the same Lodash functions, then I want to avoid having to bundle two different versions of the same function. I understand that NPM is able to resolve the dependencies and that nothing will break, but the size of my application's JavaScript bundle will continue to grow as each codebase uses functions from different versions of the same libraries. It sounds like the only way to keep the versions in sync is to continuously monitor them and upgrade manually when appropriate, or to use the version provided by the installed package directly, without ever installing it into my application's own package.json. Is doing the latter a bad idea and is there no better way?

Original Question

At my company, we've created a Git repository that houses most of our UI component code. This repository also contains a static site generator, which transforms our UI component code into a "living style guide" website. The purpose of this website is to document and showcase our UI components on the web (similar to how PatternLab works).

We also distribute this code via NPM, so that it can be shared across multiple projects. Each project installs the NPM module as a dependency, then imports the SASS and JavaScript files contained within. The JavaScript has been written in ES6 and has not been bundled or transpiled. We've intentionally chosen not to distribute browser-ready code. Instead, each project is responsible for compiling its own SASS and bundling/transpiling its own JavaScript.

Most of our UI component JavaScript is simple and does not depend on any third-party libraries, so it's easy to import into our projects. However, some of our newer, more complex components rely on NPM packages such as Lodash, which presents a problem.

Obviously, we need to install Lodash in order for the static site generator to showcase our Lodash-reliant components inside of a web browser. Similarly, projects that consume the NPM package will also need to install Lodash, in order to create instances of these same components. This forces us to install Lodash twice: once in the UI component project, then again in the project that consumes the NPM package. This is problematic because the two projects could potentially install different versions of Lodash, which could lead to compatibility issues and/or increase the size of our JavaScript bundle.

One solution that I've discovered is to include Lodash under dependencies instead of devDependencies, in the UI component project. This way, when external projects install the UI component NPM module, Lodash will be installed along with it. This gives the project "free" access to Lodash without needing to explicitly install it itself. This is possible because NPM installs packages in a single, flat directory hierarchy, so it doesn't seem to matter if your project installs a package directly or if one of its dependencies exposes it as a dependency in its own package.json. This eliminates version conflicts, since you don't have to install the package twice.

My question is, does this violate NPM best practices or is this how NPM is intended to work? After reading the NPM documentation and Googling for answers, it doesn't seem like this should be a problem. However, if what I'm suggesting is a bad idea, how else can I accomplish what I'm trying to do?

Here's a quick visual aid:

main.js
node_modules/
  lodash/
  foo/
    bar.js
    node_modules/
      lodash/

main.js imports and uses Lodash. It also imports foo/bar.js, which uses Lodash too, but a potentially different version. Both files are ES6. main.js gets bundled and transpiled before being sent to the browser.

If it is something you are directly using, you should specify it in your package.json. It will be installed anyway, but this way it will ensure that if your dependency removes that package as a dependency, your project won't break.
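A check for the situation the answer describes, written as an added example that is not part of the original question or answer: it lists packages that source files import but package.json does not declare, so their version is decided by some other package's manifest. The function names, the regex heuristic and the sample manifest and sources are assumptions made for this illustration.

```javascript
// Added example: find "phantom" dependencies, i.e. packages imported by
// source files but not declared in package.json. Regex-based heuristic.

// Abbreviated list of Node.js built-ins; extend as needed.
const BUILTINS = new Set(["fs", "path", "os", "http", "https", "crypto", "url", "util"]);

// Reduce a specifier to its package name:
// "lodash/debounce" -> "lodash", "@scope/pkg/sub" -> "@scope/pkg".
function packageName(specifier) {
  const parts = specifier.split("/");
  return specifier.startsWith("@") ? parts.slice(0, 2).join("/") : parts[0];
}

// Collect bare package names from import/export-from, import() and require().
function importedPackages(source) {
  const pattern = /(?:\bfrom\s*|\bimport\s*\(?\s*|\brequire\s*\(\s*)["']([^"']+)["']/g;
  const found = new Set();
  for (const match of source.matchAll(pattern)) {
    const spec = match[1];
    // Relative, absolute and node:-prefixed specifiers are not npm packages.
    if (spec.startsWith(".") || spec.startsWith("/") || spec.startsWith("node:")) continue;
    const name = packageName(spec);
    if (!BUILTINS.has(name)) found.add(name);
  }
  return found;
}

// Return [{ name, files }] sorted by name for packages used but not declared.
function findPhantomDeps(manifest, sources) {
  const { dependencies: d, devDependencies: dd, peerDependencies: pd, optionalDependencies: od } = manifest;
  const declared = new Set(Object.keys({ ...d, ...dd, ...pd, ...od }));
  const phantom = new Map();
  for (const [file, text] of Object.entries(sources)) {
    for (const name of importedPackages(text)) {
      if (!declared.has(name)) phantom.set(name, [...(phantom.get(name) || []), file]);
    }
  }
  return [...phantom].map(([name, files]) => ({ name, files }))
    .sort((a, b) => a.name.localeCompare(b.name));
}

// Constructed input mirroring the question's layout: the app declares only
// "foo", yet imports lodash, which is installed only because foo depends on it.
const manifest = { name: "app", dependencies: { foo: "^1.0.0" } };
const sources = {
  "main.js": 'import debounce from "lodash/debounce";\nimport bar from "foo/bar.js";\nimport "./local.js";',
  "server.js": 'const fs = require("fs");\nconst _ = require("lodash");',
};
console.log(findPhantomDeps(manifest, sources));
```

Declaring lodash in the application's own package.json makes the list empty and puts the version range under the application's control.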

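Notice: the technical posts on this site are licensed under CC BY-SA 4.0. If you need to republish, please credit this site's URL or the original address. For any questions, contact: yoyou2525@163.com.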
