Closed J0B10 closed 2 years ago
What's the impact on storage / install time? 👀
What exactly do you mean with that? npm workspaces puts all dependencies into a node_modules like lerna's hoist mode so install size will be roughly the same. I haven't measured how long lerna vs npm workspaces need for installation but it's roughly the same.
I haven't tested whether dependabot supports npm workspaces but I assume so because it is an official npm feature and very similar to Yarn workspaces which are supported by dependabot.
Another open point is how we want to build our TypeScript code. Currently we use lerna run which builds everything in the correct order and parallelizes builds when possible. npm has npm run build --workspaces but it only executes the build script in one module at a time and has no parallelisation. The TypeScript compiler has its own ways to build multiple modules but I haven't looked into that yet and from what I remember it requires that the path of each project is specified and doesn't allow for wildcards which is kinda limiting.
Switching to Yarn would also be a possibility but I don't know whether the newest version is fully supported by dependabot. Most developers have already worked with npm and know how it roughly works so I think it would be good if they can re-use their experience instead of learning a new tool but of course Yarn also has its advantages.
Reopening this because we still need to enable dependabot. Let's hope that it works with npm workspaces as I haven't tested it, as said. I would have done the move away from lerna to npm workspace anyway because it is unmaintained and rather complicated for newcomers. Dependabot was just another reason to do it, so it's fine if it doesn't support it.
Description
Lerna is currently used for managing the multiple packages.
Especially Hoisting helps us to store common dependencies only once in the node_modules folder. Without that feature the full installation of nodecg-io could become >5GB in file size and have 70 or so instances of TypeScript.
Unfortunately hoisting is currently not supported by dependabot which would break the package-lock.json on every update.
Also lerna is no longer maintained at the moment so it would be beneficial to ditch it in favour of npm workspaces.
Npm workspaces would have the benefit of working well together with dependabot (which should be used for automatic updates of dependencies) but we would have to find a way to execute the build script of all packets in parallel and in the right order.
References
Dependabot for github actions: https://github.com/codeoverflow-org/nodecg-io/pull/262
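
The build-order requirement from the description above, as an added example that is not part of the original issue or of nodecg-io's code: it groups workspace packages into waves, where every package in a wave depends only on packages from earlier waves and so can be built in parallel with the rest of its wave. The manifests and package names are constructed for illustration, and `buildWaves` is a hypothetical helper name.

```javascript
// Constructed sample: four workspace manifests with hypothetical names.
// Only dependencies that point at another workspace package affect build order;
// external packages such as typescript are ignored.
const sampleManifests = [
  { name: "example-bundle", dependencies: { "example-twitch": "^1.0.0", "example-discord": "^1.0.0" } },
  { name: "example-twitch", dependencies: { "example-core": "^1.0.0" } },
  { name: "example-discord", dependencies: { "example-core": "^1.0.0" }, devDependencies: { typescript: "^4.0.0" } },
  { name: "example-core", devDependencies: { typescript: "^4.0.0" } },
];

// Returns an array of waves (arrays of package names, sorted for stable output).
// Wave N may start once wave N-1 has finished; packages inside a wave are independent.
function buildWaves(manifests) {
  const workspaceNames = new Set(manifests.map((m) => m.name));

  // Map each package to the set of workspace packages it still waits for.
  const pending = new Map();
  for (const m of manifests) {
    const declared = { ...m.dependencies, ...m.devDependencies, ...m.peerDependencies };
    const internal = Object.keys(declared).filter((d) => workspaceNames.has(d) && d !== m.name);
    pending.set(m.name, new Set(internal));
  }

  const waves = [];
  while (pending.size > 0) {
    // Everything with no unbuilt internal dependency is ready now.
    const ready = [...pending.keys()].filter((n) => pending.get(n).size === 0).sort();
    if (ready.length === 0) {
      // No progress possible: the remaining packages depend on each other.
      throw new Error("dependency cycle among: " + [...pending.keys()].sort().join(", "));
    }
    for (const n of ready) pending.delete(n);
    for (const deps of pending.values()) {
      for (const n of ready) deps.delete(n);
    }
    waves.push(ready);
  }
  return waves;
}

console.log(buildWaves(sampleManifests));
```
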