Manage repo size by removing obsolete package versions - repository

We have a custom SUSE Linux Enterprise repository that we want to ship to customers in the future. Right now it contains a lot of different versions of the same packages, some obsolete and some needed as a dependency for other packages, so the whole repo is quite large.
I guess what I'm trying to do is find a query to list all packages that have newer versions in the repository and have no other package that needs this version as a dependency.
Is there an elegant way to find the packages that are not needed?
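One way to compute that list, as an added example that is not part of the question: model each package as (name, version) plus its Requires entries (the kind of constraints `rpm -qp --requires` reports for a .rpm), keep the newest version of every name and, for each Requires, the newest version that satisfies it, and iterate until nothing more drops, so an old version pinned only by a package that is itself obsolete is dropped too. The metadata below is constructed and the version comparison is a simplified rpmvercmp.

```python
import functools, re
from collections import defaultdict

def vercmp(a, b):
    # Simplified rpmvercmp: numeric/alpha segments, numeric beats alpha,
    # equal prefix with more segments is newer (so 1.1.1k > 1.1.1).
    sa, sb = (re.findall(r"\d+|[a-zA-Z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

K = functools.cmp_to_key(vercmp)
OPS = {"=": (0,), ">=": (0, 1), "<=": (-1, 0), ">": (1,), "<": (-1,)}

def satisfies(version, req):
    # req = (name, op, ver); op None means an unversioned Requires
    return req[1] is None or vercmp(version, req[2]) in OPS[req[1]]

def obsolete_versions(packages):
    # packages: {(name, version): [requires]}. A version is obsolete when it is
    # neither the newest of its name nor the best match for some Requires of a
    # remaining package; iterate to a fixpoint so an obsolete dependent's pin dies too.
    alive, removed = dict(packages), set()
    while True:
        by_name = defaultdict(list)
        for name, ver in alive:
            by_name[name].append(ver)
        drop = set()
        for name, vers in by_name.items():
            keep = {max(vers, key=K)}                  # newest always stays
            for r in (r for reqs in alive.values() for r in reqs if r[0] == name):
                ok = [v for v in vers if satisfies(v, r)]
                if ok:
                    keep.add(max(ok, key=K))           # best match for this Requires
            drop |= {(name, v) for v in vers if v not in keep}
        if not drop:
            return removed
        removed |= drop
        alive = {k: v for k, v in alive.items() if k not in drop}

REPO = {  # constructed sample metadata, not a real SLES repository
    ("libssl", "1.1.1"): [], ("libssl", "1.1.1k"): [], ("libssl", "3.0.1"): [],
    ("myapp", "2.0"): [("libssl", ">=", "3.0")], ("legacytool", "1.4"): [("libssl", "=", "1.1.1k")],
    ("legacytool", "1.5"): [("libssl", None, None)], ("kernel-module", "5.3"): [("libssl", "=", "1.1.1")],
}
```

On this sample, legacytool 1.4 drops in the first round and libssl 1.1.1k in the second (its only pin came from legacytool 1.4), while libssl 1.1.1 stays because kernel-module requires exactly that version.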

Related

How to limit acceptable version ranges for an entire product dependency tree?

Recently new versions of packages came out which required new versions of another library (which in turn broke my production builds). However, they both only increased their patch version number (one was @types/prettier and the other one cheerio).
My projects use these libs only indirectly, so even though I set all my dependencies to a fixed version number, these changes affected my builds and caused a lot of grief.
If I could tell NPM not to consider newer versions of a package and always use only the specified one, this kind of problem would probably not appear. Is it possible to force NPM not to install newer versions of dependencies, even if they allow ranges?

How can I achieve a "hard-pin" with NPM inside my project?

I would like to hard-pin my NPM dependencies. "Hard-pinning" would mean that an automated process would check my dependency list for certain packages with certain versions and if a package has been locally upgraded, a custom error message should be shown (ideally, this should be integrated in a pre-push Git hook).
The reasons for wanting this behavior could be:
external dependencies (e.g. other teams integrating with your project, requiring certain versions)
broken or unwanted behavior because of certain issues (e.g. "wait until #124 is fixed")
known non-obvious migration effort for major upgrades
upgrade incompatibilities (e.g. newest version requires, but does not enforce, a newer peer dependency).
Normal pinning does not cut it in this case: it's trivial to update pinned packages anyway, comments do not work with package.json without extra effort and sometimes the reasons are too important not to be displayed explicitly.
How can I achieve such "hard-pinning"?
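One way to build such a check, as an added example that is not from the question: keep a small pins file next to package.json that records the required version and the reason, and have a pre-push hook run a script that fails whenever the declared spec or the lockfile's resolved top-level version differs from the pin. The pins, package.json and package-lock.json contents below are constructed; a real hook would json.load them from the repository.

```python
import sys

# Constructed inputs (a real hook would json.load these from the repo files).
PINS = {  # e.g. a hard-pins.json committed next to package.json, with reasons
    "left-pad": {"version": "1.3.0", "reason": "other team's gateway requires 1.3.0"},
    "example-lib": {"version": "2.1.4", "reason": "wait until #124 is fixed"},
}
PACKAGE_JSON = {
    "dependencies": {"left-pad": "^1.4.0", "example-lib": "2.1.4"},
    "devDependencies": {"eslint": "^8.0.0"},
}
PACKAGE_LOCK = {  # lockfileVersion 2/3 layout: "packages" keyed by node_modules path
    "packages": {
        "node_modules/left-pad": {"version": "1.4.0"},
        "node_modules/example-lib": {"version": "2.1.5"},
    }
}

def check_hard_pins(pins, package_json, package_lock=None):
    """Return the list of violations (empty means the push may proceed).
    Both the declared spec and, if a lockfile is given, the resolved top-level
    version must equal the pin exactly; any range counts as an upgrade path."""
    declared = {}
    for section in ("dependencies", "devDependencies"):
        declared.update(package_json.get(section, {}))
    installed = {}
    for path, meta in (package_lock or {}).get("packages", {}).items():
        name = path[len("node_modules/"):]
        if path.startswith("node_modules/") and "node_modules/" not in name:  # top level only
            installed[name] = meta.get("version")
    problems = []
    for name, pin in pins.items():
        want, why = pin["version"], pin["reason"]
        spec = declared.get(name)
        if spec is None:
            problems.append(f"{name}: hard-pinned to {want} but not declared ({why})")
        elif spec != want:
            problems.append(f"{name}: declared '{spec}', must be exactly '{want}' ({why})")
        got = installed.get(name)
        if got is not None and got != want:
            problems.append(f"{name}: lockfile resolves {got}, must be {want} ({why})")
    return problems

if __name__ == "__main__":
    # Exit non-zero so a pre-push hook (e.g. .git/hooks/pre-push) rejects the push.
    violations = check_hard_pins(PINS, PACKAGE_JSON, PACKAGE_LOCK)
    print("\n".join(violations) or "hard pins OK")
    sys.exit(1 if violations else 0)
```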

Mikro-orm different package versions compatibility

How do the versions of the different mikro-orm packages correspond to each other? Could I possibly use @mikro-orm/core 4.0.0 and @mikro-orm/nestjs 3.1.0, or other variations of different @mikro-orm packages and their versions? Should all @mikro-orm packages be installed with the same version?
It's 3 questions, but I feel they are pretty much the same since they try to clarify the concept of version matching in mikro-orm for me.
All packages that come from the main repository are released together, so you should always align their versions.
https://github.com/mikro-orm/mikro-orm/tree/master/packages
The rest is not dependent on the exact version, but in general, use the most up-to-date one. There are currently 3 packages that live outside of the main repo: the nest adapter you mentioned and 2 highlighters.
Btw, there is no such release as @mikro-orm/nestjs 3.1.0; the first release was 4.0.0 and the current one is 4.2.0.
edit: apparently lerna is aligning only minor/feature releases, so it can happen that some packages are not on the very latest patch version. An example of that are the mongo and reflection packages, which are still on 4.1.0 while the rest is on 4.1.1. But again, use the latest everywhere and you will be fine. Your IDE should guide you in knowing the latest versions.

How to install the latest SNAPSHOT version in npm?

We have a private Nexus repository and publish all the npm modules there. We have Module A and Module B; B is dependent on A. Here I am getting an issue with installing the latest SNAPSHOT version. For example:
Module A has published versions like
'1.0.0-SNAPSHOT', '1.0.1-SNAPSHOT', and '1.0.0'
In Module B package.json, I added the dependency like
"Module A": "^1.0.0-SNAPSHOT"
As I mentioned "^" in the dependency, it should install the latest version (i.e. 1.0.1-SNAPSHOT), but I am not sure why it is installing '1.0.0' instead of '1.0.1-SNAPSHOT'.
Your help would be greatly appreciated. Thanks in Advance.
Avoid releasing and using snapshot dependencies. When you publish a release, it should not contain -SNAPSHOT. Referring to a proper release is mandatory in order to be sure you are testing/executing the right code without side effects due to regression problems. You need to know at every moment which version you are using; that is very important, so relying on the latest versions of your modules might not be the best solution. It isn't worth it either if you are precise with the major, minor and patch bits in order to avoid breaking changes or unexpected behaviors.
If you really need to develop them together you can use npm link command instead.
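To see why npm picked 1.0.0 here: in node-semver a prerelease version only satisfies a range when some comparator of that range carries a prerelease tag on the same major.minor.patch tuple, so ^1.0.0-SNAPSHOT (which expands to >=1.0.0-SNAPSHOT <2.0.0-0) admits 1.0.0-SNAPSHOT and 1.0.0 but not 1.0.1-SNAPSHOT. The Python below, added here and not taken from the question or from npm, reimplements that rule for caret ranges over the versions listed in the question; the same caret expansion is also why a transitive ^ dependency, as in the first related question, picks up a newer patch release.

```python
import functools
import re

def parse(v):
    """'1.0.1-SNAPSHOT' -> ((1, 0, 1), ('SNAPSHOT',)); a release has an empty prerelease."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?", v)
    major, minor, patch, pre = m.groups()
    return (int(major), int(minor), int(patch)), (tuple(pre.split(".")) if pre else ())

def pre_key(ident):
    return (0, int(ident)) if ident.isdigit() else (1, ident)   # numeric ids sort first

def cmp(a, b):
    """Semver precedence: -1, 0 or 1."""
    (ta, pa), (tb, pb) = parse(a), parse(b)
    if ta != tb:
        return (ta > tb) - (ta < tb)
    if not pa or not pb:           # a release outranks any of its prereleases
        return bool(pb) - bool(pa)
    ka, kb = [pre_key(i) for i in pa], [pre_key(i) for i in pb]
    return (ka > kb) - (ka < kb)

def caret_range(spec):
    """'^X.Y.Z[-pre]' with X >= 1 -> (low, high) as node-semver expands it."""
    low = spec.lstrip("^")
    (major, _, _), _ = parse(low)
    assert major >= 1, "^0.y.z expands differently; not handled in this example"
    return low, f"{major + 1}.0.0-0"

def satisfies(version, spec):
    low, high = caret_range(spec)
    tup, pre = parse(version)
    # Prerelease rule: a prerelease version only matches if some comparator of
    # the range carries a prerelease tag on the same major.minor.patch tuple.
    if pre and not any(parse(c)[1] and parse(c)[0] == tup for c in (low, high)):
        return False
    return cmp(version, low) >= 0 and cmp(version, high) < 0

def max_satisfying(versions, spec):
    ok = [v for v in versions if satisfies(v, spec)]
    return max(ok, key=functools.cmp_to_key(cmp)) if ok else None

PUBLISHED = ["1.0.0-SNAPSHOT", "1.0.1-SNAPSHOT", "1.0.0"]  # versions from the question
```

max_satisfying(PUBLISHED, "^1.0.0-SNAPSHOT") returns "1.0.0"; only a proper release such as 1.0.1 would be preferred over it, which is the point of the answer above.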

How can I simplify my stack of package managers?

I don't know how it got this bad. I'm a web developer, and I use Ubuntu, and here are just some of the package managers I'm using.
apt-get for system-wide packages
npm for node packages
pip for python packages
pip3 for python 3 packages
cabal for haskell packages
composer for php packages
bower for front-end packages
gem for ruby packages
git for other things
When I start a new project on a new VM, I have to install seemingly a dozen package managers from a dozen different places, and use them all to create a development environment. This is just getting out of control.
I've discovered that I can basically avoid installing and using pip/pip3 just by installing python packages from apt, like sudo apt-get install python3-some-library. This saves from having to use one package manager. That's awesome. But then I'm stuck with the Ubuntu versions of those packages, which are often really old.
What I'm wondering is, is there a meta-package manager that can help me to replace a few of these parts, so my dev environment is not so tricky to replicate?
I had a thought to make a package manager to rule them all for that very reason. Never finished it though; too much effort required to stay compatible. For each package manager you have a huge community supporting its upkeep.
Best advice I have is to try to reduce your toolchain for each type of project. Ideally you shouldn't need to work in every language you know for each project you work on. How many projects are you using that use both python 2 and python 3 simultaneously?
Keep using apt for your system packages and install git with it. From there try to stick to one language per project. AFAIK all of the package managers you listed support installing packages from git. The languages you mentioned all have comparable sets of tooling, so use the toolchain available for the target language.
I worked with a team that was using composer, npm, bower, bundler, maven, and a tar.gz file for frontend SPAs because those are the tools they knew. On top of all of that, they were using vagrant simply as a deployer. We considered our toolchain and described our need and realized that it could be expressed in a single language once we adopted appropriate tooling for the task at hand.