Replies: 1 comment 2 replies
-
|
Interesting findings! A fast but (due to human factors weak) way around could be to enforce checking in both package files? Yes, Yarn might be worth to take a look at with these topics in mind, didn't experiment with version 2 yet. Also, the |
Beta Was this translation helpful? Give feedback.
-
We could let the |
Beta Was this translation helpful? Give feedback.
-
|
One could have something based on npm/cli#2701 (comment) in a pre-commit hook. We encountered this while migrating where Jenkins would still use an older node version and thus we needed to keep an older FYI @henninggross |
Beta Was this translation helpful? Give feedback.
-
This is related to #147 and how the node typescript toolset builds:
ods-pipeline/build/package/scripts/build-typescript.sh
Lines 81 to 82 in b0c1b2c
I expected that
npm ciwould takepackage-lock.jsonas its source of truth, never install any bits not specified by hashes in the lock file and perhaps also thatnpm ciwould fail ifpackage-lock.jsonis inconsistent withpackage.json. Unfortunately exactly if these files are inconsistentnpm cidoes install stuff compatible with package.json even if these bits are not blessed by the hashes in the lock file. Aspackage-lock.jsonis generated/updated by npm install, this situation can easily happen if one forgets to check in bothpackage.jsonandpackage-lock.json. Details are discussed in [BUG]npm cisucceeds whenpackage-lock.jsondoesn't matchpackage.json· Issue #2701 · npm/cli.Nonetheless I investigated how to introduce caching with
npm ciusing npm version 8.1.2.npm always uses a cache. By default this is located at
~/.npm, but the location can be changed via npm config as well as with a command line flag--cache <dir>or via an environment variable.Following is a summary of my observations.
npm ciandnpm i(npm install) were equally fast if usednode_modulesas well asnode_modulesPerformance of using the npm cache appears to be mostly independent of the cache size.
On my local system for a case with 363 packages it took around 15s to install from scratch (with an empty cache and no node_modules) and ~ 7s with a cache, so the time was reduced to about half.
In the ods-pipeline (which also has no cache or existing node_modules) on OpenShift it took around 15s as well.
npm ciis slower whennode_modulesare present as it will first delete it. The perceived performance was similar torm -rf node_modules. The issue is discussed in Do not remove node_modules on npm ci. This can take considerable time if there are many packages installed. In the same issue a workaround is detailed which skips invokingnpm ciifpackage-lock.jsonhas not changed compared to the prior build. This would be viable assuming the problem described initially was fixed.npm cislowed down to take about twice as long whenpackage-lock.jsonwas written by an earlier npm version. Instead of failing the command tries to do its best which again can cause undesirable bits to get into the build.npm iis very fast (less than 1s) ifnode_moduleswas up to date even with an empty cache. Asnpm ciis wipingnode_modulesthis is where the widest performance gap happens.I believe there is no way to change where node_modules resides, but have not investigated this deeply.
Given the mentioned issues it appears we should give serious consideration to using
yarn(https://yarnpkg.com) instead of npm. I have not yet researched yarn at all and have no experience with it. Thanks for reading and let me know your thoughts on whether yarn is viable for replacing npm.Beta Was this translation helpful? Give feedback.
All reactions