Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
npm or yarn, that is a problem.
Search
Yosuke Furukawa
PRO
August 26, 2018
Programming
2.4k
18
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
npm or yarn, that is a problem.
LL.pm で発表した npm と yarn の話です。
Yosuke Furukawa
PRO
August 26, 2018
More Decks by Yosuke Furukawa
See All by Yosuke Furukawa
デザインシステムが必須の時代に
yosuke_furukawa
PRO
2
240
Node.js, Deno, Bun 最新動向とその所感について
yosuke_furukawa
PRO
10
5.2k
Welcome JSConf.jp 2024
yosuke_furukawa
PRO
1
4.8k
tc39 x jsconf.jp Panel Discussion 2024
yosuke_furukawa
PRO
0
350
Removing Corepack
yosuke_furukawa
PRO
9
2k
JavaScript Runtime とはなにか
yosuke_furukawa
PRO
15
3.1k
Strip Types と Storage
yosuke_furukawa
PRO
4
520
Module Harmony について
yosuke_furukawa
PRO
4
1.9k
LTのやり方
yosuke_furukawa
PRO
16
3k
Other Decks in Programming
See All in Programming
アルゴリズムは何を圧縮しているのか ─ Haskell から育った「圧縮代数」というメンタルモデル
naoya
16
3.3k
自作OSでスライド発表する
uyuki234
1
3.8k
コンテキストの使い捨てをやめる — ビジネスルール駆動開発と miko —
ioki
0
270
どこまでゆるくて許されるのか
tk3fftk
0
470
Developing with AI Agents — Codex, Claude Code & Cowork Practical Guide
x5gtrn
PRO
0
1.4k
フィードバックで育てるAI開発
kotaminato
1
110
コーディングルールの鮮度を保ちたい for SRE NEXT 2026 / keep-fresh-go-internal-conventions-sre-next-2026
handlename
0
140
【SRE NEXT 2026 Lunch Session】一人目専任SREの立ち上げを加速する ― AIと進めたオンボーディングで2分を0.04秒にした話
pkshadeck
PRO
0
2.3k
スマートグラスで並列バイブコーディング
hyshu
0
290
エンジニアにデザインハーネスを 〜デザインプロセスを規定するためのハーネス〜 / Design harness from an engineer's perspective
rkaga
2
1.3k
Mujeres en SEO Summit 2026 - Greatest Disaster Hits en Web Performance
guaca
0
240
SREの積み重ねがAI駆動開発のガードレールになった ― 7つの実践/SRE Guardrails The 7
tomoyakitaura
8
3.9k
Featured
See All Featured
Ecommerce SEO: The Keys for Success Now & Beyond - #SERPConf2024
aleyda
1
2.1k
Technical Leadership for Architectural Decision Making
baasie
3
440
Gemini Prompt Engineering: Practical Techniques for Tangible AI Outcomes
mfonobong
2
460
Being A Developer After 40
akosma
91
590k
sira's awesome portfolio website redesign presentation
elsirapls
0
300
We Analyzed 250 Million AI Search Results: Here's What I Found
joshbly
1
1.5k
What’s in a name? Adding method to the madness
productmarketing
PRO
24
4.1k
Digital Projects Gone Horribly Wrong (And the UX Pros Who Still Save the Day) - Dean Schuster
uxyall
1
1.9k
Designing Experiences People Love
moore
143
24k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
32
3k
Music & Morning Musume
bryan
47
7.3k
Avoiding the “Bad Training, Faster” Trap in the Age of AI
tmiket
0
190
Transcript
npm or yarn , that is a problem. 2018/08/26 @
LL.pm
Twitter: @yosuke_furukawa Github: yosuke-furukawa
None
FAQ
Q. npm ͱ yarn ͬͯͲͬͪ ͬͨΒ͍͍ΜͰ͔͢ʁ
A. ͍ɺͲ͍͍ͬͪͬͯ Μ͡Όͳ͍Ͱ͔͢ͶʢຊԻʣ ΈΜͳҧͬͯΈΜͳ͍͍
ͲͬͪύοέʔδΛཧ͢ ΔػೳͦΖͬͯΔɻ
ͨͩ·͊ͦΕ͚ͩݴͬͯಀ ͛ͳͷͰɺҰԠ໌֬ʹࠩผԽ ͞ΕͯΔ෦Λհ͢Δ
ύϑΥʔϚϯε
ܭଌͯ͠Έͨ (ͲͪΒcache͠ͳ͍ঢ়گ)
None
yarnͷউར
ܭଌͯ͠Έͨ (cacheΛ༗ޮʹͨ͋͠ͱͷ݁Ռ)
yarnͷউར
ͳΜͱͳ͘ମײͱ͋ͬͯΔɻ ZBSO͕͖ͳਓେମ1FSGPSNBODF ͕͍ͱ͍͏͜ͱͰͬͯΔ
npm ci
npm ci $*$%Ͱ͏ͨΊʹ༨ܭͳॲཧΛ͠ͳ͍ɺͨͩϥΠϒϥ ϦΛθϩ͔Βऔಘ͢Δ͜ͱʹಛԽͨ͠ػೳ
npm ci ͍
yarnͷ͕جຊతʹߴ npmͷ͕͍͕ɺCIͰ yarnΑΓߴ
yarn։ൃ༻్ʹ͍͍ͯΔ npm։ൃɾӡ༻ͰͦΕͧΕ ίϚϯυΛ͚͍ͯΔ
ػೳ ʢجຊతʹ΄΅compatibleʣ
yarnʹ͋ͬͯnpmʹͳ͍ػೳ
yarn licenses list
ґଘϥΠϒϥϦͷϥΠηϯε͕ ҰཡͰ͖Δػೳ $ yarn licenses list yarn licenses v1.9.4 !"
(BSD-2-Clause OR MIT OR Apache-2.0) # $"
[email protected]
# !" URL: https://github.com/dominictarr/rc.git # !" VendorName: Dominic Tarr # $" VendorUrl: dominictarr.com !" (GPL-2.0 OR MIT) # $"
[email protected]
# !" URL: https://github.com/faisalman/ua-parser-js.git # !" VendorName: Faisal Salman # $" VendorUrl: http://github.com/faisalman/ua-parser-js !" (MIT AND BSD-3-Clause) # $"
[email protected]
# !" URL: git://github.com/crypto-browserify/sha.js.git # !" VendorName: Dominic Tarr # $" VendorUrl: https://github.com/crypto-browserify/sha.js
yarn upgrade-interactive
ґଘϥΠϒϥϦͷߋ৽Λରܕ γΣϧͰߦ͑Δػೳ
npmʹ͋ͬͯyarnʹͳ͍ػೳ
npm audit
ґଘϥΠϒϥϦͰ੬ऑੑ͕ใࠂ ͞Ε͍ͯͳ͍͔Λࠪ͢Δػೳ $ npm audit === npm audit security report
=== # Run npm install --save-dev
[email protected]
to resolve 14 vulnerabilities SEMVER WARNING: Recommended action is a potentially breaking change %"""""""""""""""&""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""' # Low # Prototype Pollution # !"""""""""""""""("""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""") # Package # lodash # !"""""""""""""""("""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""") # Dependency of # nyc [dev] # !"""""""""""""""("""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""") # Path # nyc > istanbul-lib-instrument > babel-generator > # # # babel-types > lodash # !"""""""""""""""("""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""") # More info # https://nodesecurity.io/advisories/577 # $"""""""""""""""*""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""+
࠷ۙηΩϡϦςΟ͕͍ʢ ͍ʣ
͔͠npm auditnpmಠࣗͷػೳͱͯ͠ ఏڙ͞ΕͯΔʢଞͷαʔϏεͰ͑ͳ͍ʣ
yarn։ൃπʔϧͱͯ͠༏ल npmӡ༻πʔϧͱͯ͠༏ल
᠘ ʢ͍ͬͯͯҾ͔͔ͬΔϙΠϯτʣ
yarn ͷ᠘
ॏෳϞδϡʔϧΛআ͢Δػ ೳ͕npmͱcompatibleͳಈ ͖Λ͠ͳ͍ɻ
yarn, npm ͱʹॏෳͨ͠Ϟδϡʔ ϧ͕͋ͬͨΒτοϓϨϕϧʹ࡞Δ // ͜͏͍͏ґଘ͕ؔ͋ͬͨΒ app (lib_Aͱlib_Bʹґଘ)/ node_modules/ lib_A(v1)
(lib_B(v1)ʹґଘ)/ lib_B(v1) (lib_C(v1)ʹґଘ)/ lib_C (v1)/ lib_B(v2) (lib_C(v1)ʹґଘ)/ lib_C (v1)/ // CΛҰͭʹͯ͠ɺ֊ߏΛઙ͘͢Δػೳ(dedupeͱݺΕΔ) app/ node_modules/ lib_A (v1)/ lib_B(v1)/ lib_B(v2)/ lib_C(v1)/
yarnͷ߹جຊ͜ͷ dedupe͕ಈ͕͘ɺᘳ͡Ό ͳ͍ɻ https://github.com/yarnpkg/yarn/issues/6070
yarn dedupeෆશ // dedupe͕ෆશͩͱ͜͏ͳΔɻ app/ node_modules/ lib_A (v1)/ lib_B(v1)/ lib_C(v1)/
lib_B(v2)/ lib_C(v1)/ ΄ͱΜͲͷέʔεͰʹͳΒͳ͍͕ɺ$#ͷٯ ࢀর͕͋Δͱ/(
࣮ࡍʹwebpackϞδϡʔϧ ͱͦͷґଘͰҰճNGʹͳͬ ͨɻ
npm ͷ᠘
npm install ͰຖճlockϑΝΠ ϧॻ͖͑ͯ͘Δ
package-lockϑΝΠϧॻ͖͑ Δ $ npm install $ git diff - package-lock.json
(!! npm install ͚ͨͩ͠ͳͷʹϩοΫϑΝΠϧ͕ॻ͖Θͬ ͯΔ !!)
όάͱͯ͠ೝࣝ͞ΕͯΔ͕ɺ ·ͩͬͯͳ͍ɻ
None
package-lockϑΝΠϧॻ͖͑ Δ // workaround $ npm install --nosave OR $
npm ci // npm install —nosave option Λ͚ͭΔͱͦͷλΠϛϯάͰpackage-lock࡞ Βͳ͍ɻ // npm ci package-lock.json͔Βμϯϩʔυ͢ΔҎ֎ͷҰΛ͠ͳ͍ɻ
yarnCLI͕ͩރΕͯͳ͍ npmlockͷ෦ʹ·ͩएׯ ͷই͕͋Δɻ
·ͱΊ • ੑೳ • yarn ͷ͕جຊతʹ͍ • npm ciߴ •
ػೳ • yarnͷ͕։ൃ໘Ͱخ͍͠ػೳ͕ଟ͍ • npmͷ͕ӡ༻໘ʢಛʹηΩϡϦςΟʣͰخ͍͠ػೳ͕ଟ͍ • ᠘ • yarn => deduce ͍ • npm => lockfileউखʹॻ͖͑ͪΌ͏
Q. npm ͱ yarn ͬͯͲͬͪ ͬͨΒ͍͍ΜͰ͔͢ʁ
(ੑೳతʹyarnͷ͕͍͠ɺ ศརίϚϯυ͋Δ͚Ͳɺ npmͷ͕ηΩϡΞͩ͠ɺރΕ ͯΔ͠͏ʔʔΜ…)
A. ͖ͳͷͬͨΒ͍͍Μ͡Ό ͳ͍Ͱ͔͢Ͷ (^^)