Add yarn to the Travis tests matrix #3554
Conversation
It is only done automatically when a yarn.lock has been created at the root of the project
|
According to Yarn recommendations, one should use |
|
Thanks, but yarn is not compatible with Hapi. It can install the wrong versions of the dependencies due to yarnpkg/yarn#838, which they refuse to fix. |
|
I understand that Hapi needs to provide reproducible builds in some context, but if that's at the cost of being incompatible with other package manages (namely: Yarn), I think we have to work something out. This can be approached like so: That PR complies with 1/, while still allowing 2/. |
|
I just wanted to say I am -1 on this. It was yarn's choice to do a total rewrite and fork the world yet in many cases they want to break backwards compatibility. The onus is not on packages to change for yarn but for yarn to make sure it is compatible with the existing packages. |
|
Why should Hapi change for third-party package managers? IMO, it should be their job to adhere to the way npm installs dependencies. |
|
I concur. Supporting third party package managers is not our burden. If they happen to work, neat, but we definitely don’t support them. |
|
The Yarn team chose to drop support for the The issue here is deeper than whether Hapi should support third parties package managers. Hapi is performing a non-recommended use of the npm shrinkwrap feature, this was working fine while the whole community relied on npm, but the arrival of an alternative solution enlightened this issue. I don't see it as very healthy to have a package strongly tighten to a single package manager. As per the npm documentation, lockfiles are not recommended to be used by libraries:
The final users should have control over their installed dependencies. If need arises to have fine control over dependencies in a library, one could specify a fixed version in the I don't think I'm the only one using both |
|
I appreciate the desire to make hapi easier to use and more compatible with third-party package managers. However, I am not having this discussion again, not until there is an acceptable solution. Using a shrinkwrap file is the only way to lock down n-order dependencies, not just direct ones. It is also the only solution available today that is compatible with versions of npm distributed with node 4.x. If there are specific changes we can make to resolve specific issues (like using ^ in package.json to force a newer version), I am open to that. But anything that takes absolute control away from me in deciding each and every approved dependency version is DOA. |
I get your point and I understand you want to provide a determinist build when you ship to npm. That strong contract brings guarantees and I think that's great. That said the lockfile should be seen as a bonus, it should not be a requirement. One could use npm without leveraging lockfiles ( My goal with this PR is to ask: Hapi is strongly leveraging the lockfiles, what is happening if we disable it (third party or not)? |
|
This is also unsupported usage, and anyone doing so and filing issues the first thing they would be told is to use a supported installation method. I appreciate how passionate and persistent you are in your desire to get this merged, but as has been said - installations that don’t respect the lock file will never be supported. That’s just the facts. You’re much better off and would have a much bigger and more positive impact on the community by continuing to put pressure on the yarn maintainers to support shrinkwrap files in dependencies and subdependencies appropriately. I’m closing this for now, if yarn supports shrinkwrap files at a later date we’d be happy to revisit. |
|
I see, then I think people should know that Thanks for your input, will try to find time to contribute on that topic 👍 |
|
@aymericbeaumet I am going to make the package.json file a bit more prescriptive to solve the actual issue. That part is annoying me but I can't excuse not doing it... We will always take improvements to the documentation. There is a difference between saying hapi doesn't work with yarn vs. explaining what protection you are losing when you don't use npm. |
|
@hueniverse That's great!
We are on the same line 👌 That's what I tried to express here: outmoded/hapijs.com#498 |
|
This thread has been automatically locked due to inactivity. Please open a new issue for related bugs or questions following the new issue template instructions. |
It has been reported here that installing Hapi with Yarn is not tested on the CI.
This PR adds Yarn to the Travis tests matrix.
This allows us to make sure Hapi can successfully be installed with the two main package managers. This patch is flexible and allows us to add more in the future if need be.