web前端高级-vue

NPM 即将被 Node.js 官方抛弃

2021-11-08  本文已影响0人  老鼠AI大米_Java全栈

突然发现在 Node.js 16.9.0 的官方文档里面,多了个 Experimental 的 Corepack

Corepack is an experimental tool to help with managing versions of your package managers. It exposes binary proxies for each supported package manager that, when called, will identify whatever package manager is configured for the current project, transparently install it if needed, and finally run it without requiring explicit user interactions.

看完一脸懵逼:这是啥?要干掉 NPM?为啥这么突然?

于是进一步翻了仓库和对应的讨论:

Corepack is a zero-runtime-dependency Node script that acts as a bridge between Node projects and the package managers they are intended to be used with during development. In practical terms, Corepack will let you use Yarn and pnpm without having to install them - just like what currently happens with npm, which is shipped by Node by default.
摘自:https://github.com/nodejs/corepack/blob/main/DESIGN.md

**简单来说,Corepack 会成为 Node.js 官方的内置 CLI,用来管理『包管理工具(npm、yarn、pnpm、cnpm)』,用户无需手动安装,即『包管理器的管理器』。 **

## 初体验

先安装 Node.16.9.0 版本,然后在 package.json 中声明对应的包管理工具:

// package.json
{
  "name": "corepack-test",
  "packageManager": "yarn@2.0.0"
}

玩起来:

# 单应用激活
$ corepack enable

# 用声明的包管理器,会自动下载对应的 yarn,然后再执行
$ yarn install

# 用非声明的包管理器,会自动拦截报错
$ pnpm install
Usage Error: This project is configured to use yarn

我嚓,没全局安装 yarn 也能找到命令,怎么搞的?分析了下,非常粗暴。。。

$ which corepack    
/Users/tz/.nvs/node/16.9.0/x64/bin/corepack

$ ll /Users/tz/.nvs/node/16.9.0/x64/bin/
corepack -> ../lib/node_modules/corepack/dist/corepack.js
npm -> ../lib/node_modules/npm/bin/npm-cli.js
npx -> ../lib/node_modules/npm/bin/npx-cli.js
pnpm -> ../lib/node_modules/corepack/dist/pnpm.js
pnpx -> ../lib/node_modules/corepack/dist/pnpx.js
yarn -> ../lib/node_modules/corepack/dist/yarn.js
yarnpkg -> ../lib/node_modules/corepack/dist/yarnpkg.js

其他用法:

# 全局指令如 npm init 这种,需要设置
$ corepack prepare yarn@x.y.z --activate

# 也支持代理方式,类似 npx 执行远程包
$ corepack yarn@2.1.0 install

小结:对于大部分开发者来说,基本上无感,原来怎么用还怎么用,只是无需特意全局安装对应的包管理器了。

## 探究

为什么要做这个?

Various problems arise from npm being the only package manager shipped by default:

  • Projects using popular package management solutions other than npm (particularly Yarn and pnpm) require additional installation step that must often be repeated when switching between Node versions. This lead to a significant part of the Node userbase effectively being a second-class citizen, which sounds unfortunate.

  • Because one package manager currently holds a special treatment, users are more likely to pick it even if they would choose another solution should they have the choice (it really depends on how they balance the tradeoffs, but sometimes they value simplicity over purely technical factors). This artificial barrier hurts our community by making it harder to pick the right tool for the job.

  • Having a single official package manager means that all the keys belong to a single player which can do whatever it pleases with it (even the Node project only has a limited influence over it, since removing the unique package manager would be poorly accepted by the community). Spreading these responsibilities over multiple projects gives less power to each, ensuring that everyone behave well.

摘自:https://github.com/nodejs/corepack/blob/main/DESIGN.md

简单的说,发起者认为,npm 目前是唯一的包管理工具,导致广大开发者喜爱的 pnpm、yarn 等工具成为二等公民,伤害到用户体验以及社区的良性发展。 早在 2017 年就发起的 讨论,在最近的 TSC 表决中通过。

虽然发起者 arcanis 利益相关,是 yarn 的 Lead Maintainer,但只想给他点个赞,并对 npm 说:你也有今天!

npm 这个阿斗,在 Node.js 起步时起了很大的作用,但它毕竟是个商业公司,而且这么多年来,一直不思进取:

我们一次一次的重燃希望又一次一次的失望,这废宅只会躺平,三天打鱼两天晒网,直到今天,Node.js 官方决定把他赶出门磨练下。

PS:需注意的是,这次动的只是 Node.js 安装包的 CLI,而包管理服务(即 npm registry)是没有变化的,大家平时用 yarn 和 pnpm 也是连的 npm registry 或者 cnpm registry 这个国内同步源。

后续规划

The full npm package wouldn't be included out of the box anymore (this might be an incremental move, with first a major version shipping pmm + npm, and the next one discarding npm).
摘自:https://github.com/nodejs/corepack/blob/main/DESIGN.md

上一篇 下一篇

猜你喜欢

热点阅读