
How can I successfully lock down node module dependencies in a monorepo?

I'm working on an open source project which is currently using lerna to help manage a single repository with multiple packages. So far, so good, except that every now and then something breaks because we don't currently shrinkwrap anything. I've been trying to do some monorepo version of shrinkwrapping so that we're not at the mercy of all our dependencies (it's amazing how often everything goes wrong in the middle of a release!) but have hit a bit of a wall and wondered if I'm even on the right track.

I was originally hoping to use npm shrinkwrap which I was familiar with from previous projects. Unfortunately lerna doesn't appear to support shrinkwrap .

Plan B was to make use of yarn which, after some initial difficulties, seemed to be going ok after switching to using yarn workspaces - at least I think yarn install --frozen-lockfile was doing what I wanted.

Unfortunately, other than dependency locking, yarn doesn't seem to be helping - everything worked with npm and lerna, but lerna and yarn workspaces seem to be causing issues resolving modules (even resolving something in the same directory, which is baffling).

Maybe switching to yarn is overkill anyway, so I started wondering if more recent versions of npm and package-lock.json would be a better idea. Unfortunately that looks like it would need some workarounds with lerna, at which point I'm beginning to wonder how much lerna is really adding. Maybe dropping lerna would help?

So, tl;dr, does anyone have a good way of locking down module dependencies in a monorepo?

I'd suggest simply using exact versioning; so in your package.json files where there are version numbers for dependencies like ^3.4.2, change them to 3.4.2. The ^ (or ~) before the number suggests a version range. You can get that to happen with the save-exact config option: the --save-exact flag, or by placing save-exact=true in a .npmrc file in the repo. lerna add also supports an exact option.

Hope that helps!

yarn is a production ready package manager that natively supports monorepos :)

When using yarn workspaces , there is no need to use lerna as a monorepo manager as well at the same time.

You can use other features of lerna if you want, but there is no reason to use lerna for installing monorepos (which already use yarn).

If there are specific errors when installing/managing a monorepo using yarn, please add them to the question.

Notes:

  • --frozen-lockfile doesn't do anything in a yarn monorepo. yarn has an open issue on that which I think won't resolve soon.
