Yarn import now uses package-lock.json


Forwarded from: https://yarnpkg.com/blog/2018/06/04/yarn-import-package-lock/?utm_source=tuicool&utm_medium=referral

Posted June 4, 2018 by Aram Drevekenin

For a while now, the JavaScript ecosystem has been host to a few different dependency lock file formats, including Yarn's yarn.lock and npm's package-lock.json.

We are quite excited to announce that, as of 1.7.0, Yarn is able to import its dependency tree from npm's package-lock.json natively, without external tools or clunky processes.

This will no doubt come as great news for developers working in mixed npm/yarn environments or wanting to try Yarn out on existing projects.

All you need to do is issue the yarn import command in a repository with a package-lock.json file. Yarn will use the resolution information from the existing package-lock.json file, and a corresponding yarn.lock file will be created.

This feature is one of the first fruits of a continuing collaboration between the maintainers of the. We feel strongly about both tools being aware of each other and providing an easy transition path between them. If you are interested or want to help, head over to the related GitHub issue.

How does it work under the hood

Previously, yarn import would rely on a package's node_modules directory to determine the fixed versions to which the new yarn.lock file needs to resolve its semver ranges. Now, it falls back to this behaviour if it cannot find a package-lock.json file.

When it does, Yarn creates a dependency tree using npm-logical-tree from the package.json and package-lock.json in the project's root directory. It then uses the fixed versions in that tree to create its own yarn.lock lockfile. The resulting yarn.lock will have all the exact fixed versions specified in package-lock.json, ready to be installed and committed in your repository.

Limitations

The lockfile formats and contents are different. Each has its own priorities, guarantees and trade-offs in terms of determinism, consistency and more. Since yarn.lock chooses only to store the logical dependency tree, preferring to future-proof for potential physical tree and hoisting optimizations, there are certain nuances that package-lock.json expresses that yarn.lock cannot.

One example would be:

// package-lock.json (slightly simplified for clarity)
{
  "name": "nuanced-dependency-tree",
  "dependencies": {
    "a": {
      "version": "9.9.9",
      "requires": {
        "c": "^1.0.0"
      },
      "dependencies": {
        "c": {
          "version": "1.0.1"
        }
      }
    },
    "b": {
      "version": "8.8.8",
      "requires": {
        "c": "^1.0.0"
      }
    },
    "c": {
      "version": "1.0.5"
    }
  }
}

Here, both packages a and b require the same semver range of package c, ^1.0.0, and get different versions: 1.0.1 and 1.0.5 respectively.

This would be imported to Yarn as:

// yarn.lock (slightly simplified for clarity)
a@9.9.9
  version "9.9.9"
  dependencies:
    c "^1.0.0"

b@8.8.8
  version "8.8.8"
  dependencies:
    c "^1.0.0"

c@^1.0.0
  version "1.0.5"

Here b's dependency c would change its locked version from 1.0.1 to 1.0.5 because yarn.lock cannot express this duplication. Yarn chooses and aims to have a single resolved version for all compatible version ranges. While in most cases such minor changes should not have much effect, we encourage you to use this feature with care. You can still override ranges if you need to, using the selective version resolutions feature in Yarn.
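A pre-import check for this limitation, as an added example that is not part of the original post or of Yarn's own code: it walks a package-lock.json in the nested dependencies/requires layout shown above and reports every name@range pattern that is locked to more than one version, so the version changes an import will introduce can be reviewed before yarn.lock is committed. The helper names and the embedded sample are constructed for illustration.

```javascript
// Constructed sample: the simplified package-lock.json from the example above.
const sampleLock = {
  name: "nuanced-dependency-tree",
  dependencies: {
    a: {
      version: "9.9.9",
      requires: { c: "^1.0.0" },
      dependencies: { c: { version: "1.0.1" } },
    },
    b: { version: "8.8.8", requires: { c: "^1.0.0" } },
    c: { version: "1.0.5" },
  },
};

// Resolve a required name the way nested lookup works: nearest enclosing
// package's own `dependencies` first, then each ancestor up to the root.
function resolve(name, scopes) {
  for (let i = scopes.length - 1; i >= 0; i--) {
    const hit = (scopes[i].dependencies || {})[name];
    if (hit) return hit.version;
  }
  return null; // required but not locked (e.g. a skipped optional dependency)
}

// For every "name@range" pattern, record each version it is locked to and the
// package that asked for it. findCollapsedRanges is a hypothetical helper name.
function findCollapsedRanges(lock) {
  const seen = new Map();
  const walk = (node, scopes, path) => {
    for (const [dep, range] of Object.entries(node.requires || {})) {
      const version = resolve(dep, scopes);
      if (!version) continue;
      const key = `${dep}@${range}`;
      if (!seen.has(key)) seen.set(key, new Map());
      const byVersion = seen.get(key);
      if (!byVersion.has(version)) byVersion.set(version, []);
      byVersion.get(version).push(path.join(" > "));
    }
    for (const [name, child] of Object.entries(node.dependencies || {})) {
      walk(child, [...scopes, child], [...path, name]);
    }
  };
  walk(lock, [lock], []);
  // One pattern locked to several versions is what yarn.lock cannot express.
  return [...seen]
    .filter(([, byVersion]) => byVersion.size > 1)
    .map(([pattern, byVersion]) => ({ pattern, versions: Object.fromEntries(byVersion) }));
}
console.log(JSON.stringify(findCollapsedRanges(sampleLock), null, 2));
```

To run it against a real project, replace sampleLock with the parsed contents of that project's package-lock.json; an empty result means no pattern is locked to more than one version.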

Future plans

Currently, we're planning to add some warnings to users who use both yarn and npm in the same repository to install packages. If there's a need, we might also try to expand the feature to other lock file formats. If you'd like to point out other issues of interoperability, or try your hand at fixing them, we encourage you to file an issue or better, fix one by sending a PR.

We highly recommend that you delete the package-lock.json file if you decide to use Yarn, in order to avoid future confusion and possible consistency issues.
