Yarn import now uses package-lock.json
转发自: https://yarnpkg.com/blog/2018/06/04/yarn-import-package-lock/?utm_source=tuicool&utm_medium=referral
Posted Jun 4, 2018 by Aram Drevekenin
For a while now, the JavaScript ecosystem is a host to a few different dependency lock file formats, including yarn’s yarn.lock
and npm’s package-lock.json
.
We are quite excited to announce that as of 1.7.0
yarn is able to import its dependency tree from npm’s package-lock.json
natively, without external tools or clunky processes.
This will no doubt come as great news for developers working in mixed npm/yarn environments or wanting to try yarn out on existing projects.
All you need to do is issue the yarn import
command in a repository with a package-lock.json
file, and yarn will use the resolution information from the existing package-lock.json
file and a corresponding yarn.lock
file will be created.
This feature is one of the first fruits of a continuing collaboration between the maintainers of the two package managers. We feel strongly about the two tools being aware of each other and providing an easy transition path between them. If you are interested or want to help, head over to the related GitHub issue.
How does it work under the hood
Previously, yarn import
would rely on a package’s node_modules
directory to determine the fixed versions to which the the new yarn.lock file needs to resolve its semver ranges. Now, it falls back to this behaviour if it cannot find a package-lock.json
file.
When it does, yarn creates a dependency tree using npm-logical-tree from the package.json
and package-lock.json
in the project’s root directory. It then uses the fixed versions in that tree to create its own yarn.lock
lockfile. The resulting yarn.lock
will have all the exact fixed versions specified in package-lock.json
. Ready to be installed and committed in your repository.
Limitations
The two lockfile formats and contents are different. Each have their own priorities, guarantees and trade-offs in terms of determinism, consistency and more. Since yarn.lock
chooses only to store the logical dependency tree, preferring to future-proof for potential physical tree and hoisting optimizations, there are certain nuances that package-lock.json
expresses that yarn.lock
cannot.
One example would be:
// package-lock.json (slightly simplified for clarity)
{
"name": "nuanced-dependency-tree",
"dependencies": {
"a": {
"version": "9.9.9",
"requires": {
"c": "^1.0.0"
},
"dependencies": {
"c": {
"version": "1.0.1"
}
}
},
"b": {
"version": "8.8.8",
"requires": {
"c": "^1.0.0"
}
},
"c": {
"version": "1.0.5"
}
}
}
Here, we have both packages a
and b
which require the same semver range of package c
: ^1.0.0
and get different versions: 1.0.1
and 1.0.5
respectively.
This would be imported to yarn as:
// yarn.lock (slightly simplified for clarity)
a@9.9.9
version "9.9.9"
dependencies:
c "^1.0.0"
b@8.8.8
version "8.8.8"
dependencies:
c "^1.0.0"
c@^1.0.0
version "1.0.5"
Here b
’s dependency c
would change its locked version from 1.0.1
to 1.0.5
because yarn.lock
cannot express this duplication. Yarn chooses and aims to have a single resolved version for all compatible version ranges. While in most cases such minor changes should not have much effect - we encourage you to use this feature with care. You can still override ranges if you need to, using the selective version resolutions feature in yarn.
Future plans
Currently, we’re planning to add some warnings to users who use both yarn
and npm
in the same repository to install packages. If there’s a need, we might also try to expand this feature to other lock file formats. If you’d like to point out other issues of interoperability, or try your hand at fixing them - we encourage you to file an issue or better, fix one by sending a PR.
We highly recommend you to delete the package-lock.json
file if you decide to use yarn in order to avoid future confusion and possible consistency issues.
Yarn import now uses package-lock.json的更多相关文章
- yarn import 使用package-lock.json
yarn 1.7(目前最新的版本)支持npm 的package-lock.json 了 环境准备 安装更新yarn sudo npm install -g yarn 查看版本 yarn version ...
- Python 相对导入attempted relative import beyond top-level package
ValueError: attempted relative import beyond top-level package 假设有如下层次包目录 project/ __init__.py mypac ...
- Python导入自定义类时显示错误:attempted relative import beyond top-level package
显示这个错误可能有两个原因: 1.文件夹中没有包含__init__.py文件,该文件可以为空,但必须存在该文件. 2.把该文件当成主函数入口,该文件所在文件夹不能被解释器视作package,所以可能导 ...
- python项目内import其他内部package的模块的正确方法
转载 :https://blog.csdn.net/u011089523/article/details/52931844 本文主要介绍如何在一个Python项目中,优雅的实现项目内各个package ...
- ValueError: attempted relative import beyond top-level package
python 项目 在pycharm中, 在某个文件夹下: 右键--> mark directory as --> source root 如何在python脚本或者shell中 用代码实 ...
- npm和yarn的区别,我们该如何选择?
首先,这两个都属于js包管理工具,都可以安装包或者模块yarn 是由facebook.google等联合开发推出的区别: npm 下载包的话 比如npm install它是按照包的排序,也就是队列挨个 ...
- npm和yarn使用
npm和yarn使用 他们都属于js包管理工具,都可以安装包或者模块yarn 是由facebook.google等联合开发推出的 区别: npm 下载包的话 比如npm install,它是按照包的排 ...
- vue.config.json CopyWebpackPlugin 没有生效
本地生效,服务器不生效. 因为是jenkinis构建,没有留意到报错.后来发现错误:ENOENT: no such file or directory, rename 解决方法就是:删除package ...
- 解决npm ERR!Unexpected end of JSON input while paring near (解析附近时JSON输入意外结束)'...."^2.0.0-rc.0","glob"'等npm install错误
摘要 最近更新了一次node,但是更新后npm的命令总是会报 npm WARN deprecated fsevents@2.0.6: Please update: there are crash fi ...
随机推荐
- uva1025 dp
这题说的是给了n个车站 从1号 车站到 n号车站,有m1辆车从1 开往n 有m2 辆车从n 开往1 一个人从1 车站 到达n 车站在T 时刻 要求再 车站呆的时间尽量少 dp[i][j] 表示 在 第 ...
- jmeter命令行运行与生成报告
一. 使用命令行方式运行Jmeter 1.1 为什么 使用GUI方式启动jmeter,运行线程较多的测试时,会造成内存和CPU的大量消耗,导致客户机卡死. 所以正确的打开方式是在GUI模式下调 ...
- Flex开发框架cairngorm入门实例
Cairngorm是flex开发的mvc框架,现在在 adobe旗下.它架构和eclipse插件开发gef架构很相似,具体工作原理如下: 该框架就是一个Cairngorm.swc文件,大家可以到Cai ...
- c++生成算式并计算(《构建之法》第一章课后第一题)
c++实现计算器(自动生成算式并计算) 要满足的需求有以下几个: 自动生成随机的四则运算算式,包含括号和小数. 对生成的算式计算出结果. 算式.结果分别存储到不同的文件. 一 生成算式 由上述需求可知 ...
- 导入tensorflow:ImportError: libcublas.so.9.0: cannot open shared object file: No such file or director【转】
本文转载自:https://blog.csdn.net/ksws0292756/article/details/80034086 版权声明:本文为博主原创文章,转载请一定附上博主原文链接,并署名转自Z ...
- AOP 增强方法
Spring AOP 提供了 5 种类型的通知,它们分别是 Before Advice(前置通知).After Returning Advice(后置通知).Interception Around A ...
- Java多线程 线程状态及转换 wait sleep yield join
线程的状态转化关系(1). 新建状态(New):新创建了一个线程对象.(2). 就绪状态(Runnable):线程对象创建后,其他线程调用了该对象的start()方法.该状态的线程位于可运行线程池中, ...
- BZOJ 2876 【NOI2012】 骑行川藏
题目链接:骑行川藏 听说这道题需要一些高数知识 于是膜了一发dalao的题解……然后就没了…… 不要吐槽我的精度TAT……eps设太小了就TLE,大了就Wa……我二分的边界是对着数据卡的…… 下面贴代 ...
- (CLR via C#学习笔记)任务和并行操作
一 任务 可以调用ThreadPool的QueueUserWorkItem方法发起一次异步的计算限制操作.但这个技术有很多限制.最大的问题是没有内建的机制让你知道操作在什么时候完成和操作完成时的返回值 ...
- Linux命令详解-echo
echo会将输入的字符串送往标准输出.输出的字符串间以空白字符隔开,并在最后加上换行号. 1.命令格式: file [ -bchikLnNprsvz ] [ -f namefile ] [ -F se ...