Yarn 2+ equivalent to --modules-folder option from Classic Yarn? - node.js

Is there any Yarn 2+ equivalent to yarn install --modules-folder C:/some_folder command from Classic Yarn?
I've searched like crazy and haven't found any simple way to replicate the seemingly basic option they removed for some reason.
The only viable options I've found so far are to do a regular yarn install, then create a symlink from the "--modules-folder" to the actual node_modules folder. Or to just move the entire folder after the install finishes.
I'd like to avoid both of these as they are clunky, and either potentially buggy or significantly worse in performance than just doing an install in the desired location to begin with.
Any help would be much appreciated

Related

React unable to find modules

I run into this problem pretty frequently while developing react applications. The latest is hwid. I am using yarn to manage dependencies.
I added the module using
yarn add hwid
It added it to the package.json file and gave me no errors. When I run the application, it says it is unable to find the module. The module is there in node_modules and everything seems to be correct and in place. So I tried deleting node_modules and running yarn install. I've done this several times. I tried force cleaning the npm cache. I have run yarn remove and yarn add several times.
I am using the WebStorm IDE. It gives me no errors, and in fact, if I let it resolve the import, it finds it just fine. This seems to only happen to me in react projects. I think, but I'm not sure, that it is usually typescript modules that give me problems.
Is there a magic bullet for this? The module is a pretty critical part of my app, so if I can't resolve it using node and react's import system, I'm going to have to just copy the files into my project. I would really rather not do that for obvious reasons.
Any help is appreciated.
If it's about typescript modules, have you also tried installing the types for that module?
E.g. yarn add @types/hwid

Can you use Yarn2 PnP "zero-installs" on a machine without Yarn?

I'm playing with Yarn 2's "zero install" stuff for a minor tool to address one of my boss's random allergies. (He takes umbrage at the expectation of having to run npm i on a cloned repo to make it work and insists putting node_modules into version control is somehow not a godawful idea; so I want to use this as an excuse to sneak in Yarn and also stop him from powering that through.)
As I understand, what "zero install" basically means is Yarn tries to make putting dependency installation state into VCS actually feasible. However, to run the actual app, Yarn needs to replace Node's dependency resolution with its PnP mechanism. This happens automagically for Node instances run from Yarn scripts, but running Yarn scripts requires Yarn to be available. (And remember, we're trying to solve the problem of somebody being arbitrarily stubborn about installing things.)
The best I have is making my start script be npx yarn node app.js, but that feels unnecessarily convoluted; after all, with Yarn 2, the tool itself is stored in .yarn/releases and the global yarn command uses that, but that's a huge minified blob of some bundler's output, I don't know how I'd begin invoking that.
To register the PnP runtime produced by Yarn, it is enough to just require .pnp.js from the command line, so you can run your app.js via:
node -r ./.pnp app.js
There is another way to do the same: you can require .pnp.js from within the app, but when you do it there rather than from the command line, you must also call the setup function on the returned PnP API instance. Just add this line at the top of app.js:
require('./.pnp').setup();

How does npm behave differently with ignore-scripts set to true?

I just watched a talk where the speaker recommended running:
npm config set ignore-scripts true
so that post-install scripts and pre-install scripts of a package don't run. That way, you would avoid a virus in a malicious package.
My question is: After running this command, must I do anything differently to npm install packages and get them to work within a project?
If running this command comes with no additional inconvenience when using npm, then running it would have no downside. It would only help you avoid viruses.
If this was the case, why wouldn't this be the default setting?
I ask because I assume that by ignoring package scripts, npm packages would behave differently and one would have to do more things manually.
I agree with @RobC here. It also completely deactivated running custom scripts in my package.json for me, which obviously is a deal breaker since you can't define and run your custom scripts anymore.
Although it's probably useful to think about these security concerns, I don't think running npm config set ignore-scripts true is the right option. I ran it as well and ended up turning it back off to keep running my custom package scripts.
So the advice from the video ended up being not all too sound, I guess...
If you want to be safe, use '--ignore-scripts' or the config setting, but also use can-i-ignore-scripts.
It helps you find out which scripts exist (especially when you install new dependencies), but prevents automatically executing new scripts which appear with a new version of a library you already use.
I faced a similar problem when some dependencies need running scripts to build platform-specific code with node-gyp.
Would be nice to have an option in ignore scripts per project to enable specific ones to build.
So far decided to stay on ignore-scripts = true globally in .npmrc and using an extra script in my project that basically does this:
#!/bin/bash
set -e
npm explore sqlite3 -- yarn run install
npm explore bcrypt -- yarn run install
p.s. yarn does not have explore

Project only works when I include npm-shrinkwrap.json - Any downsides to continuing this way?

I spent about 12 hours getting my application working again after days and days of not building. I could only do so with npm shrinkwrap
Are there any significant downsides to this? I'd also be open to using yarn if there is some way that could possibly assist with this issue.
Thanks very much!
Well there aren't really downsides to shrinkwrapping your package. I believe it's the preferred way to ship your package. That way you won't have issues with dependencies accidentally being upgraded and possibly messing up your package.
As to the differences between yarn and npm, it seems that yarn is currently the new hot stuff, but for basic usage npm shrinkwrap using npm >= 3 will do the job.
Side Note
Even though it's not a part of the question I would still suggest you re-check the reason your app doesn't work without shrinkwrap. It smells not so good.
Shrinkwrap it looks like would be a nightmare to deal with long term. I came across a feature of Yarn, just added, that creates a yarn.lock file from your node_modules folder (as opposed to from a package.json)
Using yarn import I was able to create a yarn.lock which can be used to reliably install the application's dependencies.

npm update unlinks linked packages

I have a project, which consists of one root node package containing subpackages linked together by npm link - these subpackages depend on each other (listed in package.json dependencies) and the structure basically looks like this:
-rootpackage
--subpackageA
--subpackageB
Let's say subpackageA has a dependency on subpackageB, so I link them to avoid publishing/reinstalling subpackageB in subpackageA after every change in the source of subpackageB.
The link works just fine until I run npm update in subpackageA, which causes the subpackageB to be unlinked.
Now, I see two options:
I can theoretically run the npm link operation after each npm install or npm update to ensure the links are always present. This works with postinstall in case of installation, but in case of an update the postinstall is not called. I don't know any postupdate command for npm, which is to be called after update.
Maybe there is a way to do this more cleverly, perhaps with yarn, which I am also using, in a way, that it kind of prevents unlinking or excludes the update for my subpackages, so I don't lose the links between my subpackages, but right now I am not aware of such a way.
Is there any way to make one of those options work, or any other way to solve this problem? I need to keep this and other links so we don't have to run npm link after every installation/update. I can't really find information about this issue anywhere. Btw I am using Node 6.4.0 and NPM 3.10.3.
So the solution is to use Yarn Workspaces or maybe project like Lerna.
Yarn Workspaces is a utility that expects a structure similar to what was described in the question and which maintains the linking subpackages and root automatically. It is very easy to set up (just 2 lines in root package.json and executing yarn for the first time) and after it you don't have to worry about upgrade or install at all, the links stay in place unless you delete them manually.
Lerna expands on that and provides you with additional tooling for managing multipackage projects. It can use Yarn Workspaces internally for the linking if you use yarn but it is not a requirement and works fine with npm. Just make sure to have Git because last time I checked Lerna didn't work with SVN or other VCSs.
