
What is the difference between yarn.lock and npm's package-lock?

I accidentally ran npm install in a project that uses Yarn and noticed that npm created a package-lock.json file.

I know that Yarn spiked in popularity in part because it used a lockfile to produce more reliable and deterministic dependency installations than npm, which for a while only had a crippled shrinkwrap feature, but now I'm not sure what to make of this npm lockfile business and whether there's anything compelling about continuing to use Yarn.

So in the spirit of a previous Q and A on StackOverflow on yarn vs shrinkwrap, I ask the following:

  • Are there any substantial differences between the two package managers in terms of reliability any more?
  • If not, is there any compelling reason to continue using Yarn besides "More emojis. 🐈"?

On paper, Yarn and NPM 5 look almost equivalent. They both have deterministic lock files and have almost matched each other in functionality. Some would say that Yarn was the catalyst to get NPM innovating.

However, after experiencing NPM 5 for a month, my team decided to move to Yarn.

NPM technically has a "more deterministic" lock file in that there is a theoretical guarantee that across NPM versions, NPM will produce the exact same node_modules folder. On the other hand, Yarn's exact hoisting/ordering of dependencies depends on the Yarn version and could change across Yarn versions. In general, this has very little impact.

Why use Yarn then? Merging & reliability.

Yarn made the slight determinism trade-off to achieve a much simpler yarn.lock file that is easier to merge. If you are a solo developer, this probably will not impact you, but if you are on a team with multiple collaborators committing dependency changes, it quickly becomes a huge problem. NPM's package-lock is practically un-mergeable and you end up having to re-generate or struggle. On the other hand, with Yarn, merges are easy and predictable.

See: https://yarnpkg.com/blog/2017/05/31/determinism/

As a side note, we also found Yarn to be more reliable on average.
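
As an added example (not part of the original question or answer): a check a team could run in CI to catch the two situations this thread describes, a stray package-lock.json in a Yarn project and a lockfile left with unresolved merge conflicts. The function name `auditLockfiles`, the finding labels and the sample file contents are assumptions constructed for illustration.

```javascript
// Added example: lockfile hygiene check. yarn.lock and package-lock.json are
// the real lockfile names; everything else here is hypothetical.

// Git conflict markers at the start of a line: "<<<<<<< ", "=======", ">>>>>>> ".
const CONFLICT_MARKER = /^(<{7} |={7}$|>{7} )/m;

// files: { [fileName]: contents } for the repository root.
// Returns a list of finding labels; an empty list means the check passed.
function auditLockfiles(files) {
  const findings = [];

  // Two lockfiles means two sources of truth for the resolved versions,
  // so what gets installed depends on which tool a developer happens to run.
  if ('yarn.lock' in files && 'package-lock.json' in files) {
    findings.push('mixed-lockfiles');
  }

  for (const name of ['yarn.lock', 'package-lock.json']) {
    if (!(name in files)) continue;
    if (CONFLICT_MARKER.test(files[name])) {
      // A half-resolved merge was committed; the lockfile pins nothing reliably.
      findings.push(`conflict-markers:${name}`);
    } else if (name === 'package-lock.json') {
      // package-lock.json must be valid JSON; a bad hand-merge often is not.
      try { JSON.parse(files[name]); }
      catch (e) { findings.push(`invalid-json:${name}`); }
    }
  }
  return findings;
}

// Constructed sample: a yarn.lock committed with an unresolved merge.
const yarnLockConflicted = [
  '# yarn lockfile v1',
  '',
  '<<<<<<< HEAD',
  'left-pad@^1.2.0:',
  '  version "1.2.0"',
  '=======',
  'left-pad@^1.3.0:',
  '  version "1.3.0"',
  '>>>>>>> feature-branch',
  ''
].join('\n');

// Constructed sample: the package-lock.json npm created by accident.
const packageLock = JSON.stringify({ name: 'demo', lockfileVersion: 1, dependencies: {} });

console.log(auditLockfiles({ 'yarn.lock': yarnLockConflicted, 'package-lock.json': packageLock }));
```

In a real pipeline the `files` map would be filled from the repository root, and a non-empty result would fail the build.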
