Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Evaluate Other Node Package Managers #349

Closed
nlordell opened this issue Apr 3, 2024 · 1 comment · Fixed by #420
Closed

Evaluate Other Node Package Managers #349

nlordell opened this issue Apr 3, 2024 · 1 comment · Fixed by #420
Assignees
@mmv08

Comments

@nlordell
Copy link
Collaborator

nlordell commented Apr 3, 2024
edited
Loading

Currently, we use NPM workspaces to some success. However there are some rough edges, for example:

  • Workspace package dependencies don't correctly link bin when they are generated in the package's build step (workaround:

    safe-modules/package.json

    Line 14 in cc9c764

    "postinstall": "npm rebuild --skip-scripts @safe-global/safe-4337-local-bundler"
    )
  • Workspace packages don't have deterministic build order, which causes issues (workaround:

    safe-modules/modules/passkey/package.json

    Line 45 in cc9c764

    "prepare": "npm run build -w ../4337 && npm run build"
    )
  • Issues with platform specific dependencies

All in all, it would be nice to evaluate alternatives and see if there are any advantages to switching to a different package management system.
@nlordell nlordell assigned mmv08 and unassigned mmv08 Apr 12, 2024
@mmv08 mmv08 mentioned this issue May 15, 2024
Merged
@mmv08
Copy link
Member

mmv08 commented May 15, 2024
edited
Loading

So the two package managers I evaluated were yarn vs pnpm. Yarn is unclear, with multiple major versions and a mediocre adoption rate. So, the only thing left is pnpm, which seems to be a good choice:

  1. People seem to like it: https://www.reddit.com/r/typescript/comments/1ainj58/pnpm_vs_yarn_v4/
  2. A lot of high-profile projects use PNPM workspaces feature: https://pnpm.io/workspaces
  3. Yarn v4 seems to be too visionary with many advanced features that we do not need: https://www.perplexity.ai/search/pnpm-vs-yarn-nlnLX4JzRoOCyRH1vMz7Xw. There's already a certain level of a learning curve for pnpm with its strict approach to transitive dependencies

PoC is in #420

mmv08 added a commit that referenced this issue May 16, 2024
@mmv08 @nlordell
Pnpm experiment (#420)
894ac3f 
This PR:
- Fixes #349 
- Upgrades the certora-cli version used on Github actions to `7.3.0` 

PNPM is more strict about transitive dependencies and sometimes strange
things happen with module resolution unless the dependency is explicitly
stated in `package.json` and imported. I added comments to highlight
such cases.

@nlordell please test this change on linux :)

---------

Co-authored-by: Nicholas Rodrigues Lordello <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mmv08 mmv08

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Pnpm experiment safe-global/safe-modules
2 participants
@nlordell @mmv08