Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Emberconf 2017 - Spin me a Yarn

Serena Fritsch
March 29, 2017
Technology
0
170

Emberconf 2017 - Spin me a Yarn

npm is one of the most popular package managers amongst Javascript developers but it is not without its flaws, especially with regards to speed and security. Yarn is a new player on the field that promises to address some of these flaws.

In this talk we will deep-dive into the inner workings of npm and yarn and demystify how they deal with dependency resolution, authenticity of packages and overall performance. A good understanding of these concepts allows you to make better-informed decisions regarding which package manager you should use for your next Javascript application.

Serena Fritsch

March 29, 2017
Tweet

More Decks by Serena Fritsch

See All by Serena Fritsch
Let Me Ember this for You
serenaf
0
230
Spin me a Yarn
serenaf
1
59
Crafting the Perfect Computed Property
serenaf
0
56

Other Decks in Technology

See All in Technology
一休.comレストランにおけるRustの活用
kymmt90
3
580
AIを駆使したゲーム開発戦略: 新設AI組織の取り組み / sge-ai-strategy
cyberagentdevelopers
PRO
1
130
生成AIと知識グラフの相互利用に基づく文書解析
koujikozaki
1
140
Aurora_BlueGreenDeploymentsやってみた
tsukasa_ishimaru
1
130
Product Engineer Night #6プロダクトエンジニアを育む仕組み・施策
hacomono
PRO
1
470
CyberAgent 生成AI Deep Dive with Amazon Web Services / genai-aws
cyberagentdevelopers
PRO
1
480
プロダクトエンジニアが活躍する環境を作りたくて 事業責任者になった話 ~プロダクトエンジニアの行き着く先~
gimupop
1
480
「視座」の上げ方が成人発達理論にわかりやすくまとまってた / think_ perspective_hidden_dimensions
shuzon
2
4.6k
Autify Company Deck
autifyhq
1
39k
事業者間調整の行間を読む 調整の具体事例
sugiim
0
1.5k
ガチ勢によるPipeCD運用大全〜滑らかなCI/CDを添えて〜 / ai-pipecd-encyclopedia
cyberagentdevelopers
PRO
3
210
初心者に Vue.js を 教えるには
tsukuha
5
390

Featured

See All Featured
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
25
1.8k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
664
120k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
107
49k
Testing 201, or: Great Expectations
jmmastey
38
7k
Side Projects
sachag
452
42k
Gamification - CAS2011
davidbonilla
80
5k
Code Review Best Practice
trishagee
64
17k
Raft: Consensus for Rubyists
vanstee
136
6.6k
Building Flexible Design Systems
yeseniaperezcruz
327
38k
Ruby is Unlike a Banana
tanoku
96
11k
jQuery: Nuts, Bolts and Bling
dougneiner
61
7.5k
Building an army of robots
kneath
302
42k

Transcript

  1. Spin me a Yarn Serena Fritsch @serifritsch [email protected] Emberconf 2017

  2. None
  3. None

  4. Once upon a time…

  5. ๏ First release in 2010

  6. ๏ First release in 2010 ๏ NPM Registry

  7. ๏ First release in 2010 ๏ NPM Registry ๏ 347184

    published packages https://unpm.nodesource.com/

  8. ๏ First release in 2010 ๏ NPM Registry ๏ 347184

    published packages ๏ 11,164 packages per week https://unpm.nodesource.com/
  9. None
  10. None

  11. xkdc.com and reddit

  12. ๏ Non-Determinism

  13. ๏ Non-Determinism ๏ Performance

  14. ๏ Uses npm registry

  15. ๏ Uses npm registry ๏ Consistent and reliable dependency resolution

  16. ๏ Uses npm registry ๏ Consistent and reliable dependency resolution

    ๏ Improved performance

  17. Dependency Resolution? Non-Determinism? Performance?

  18. None

  19. In the beginning…

  20. Disclaimer ✓ You use a package manager ✓ You are

    familiar with the npm eco system

  21. What are packages?

  22. Piece of software that can be downloaded

  23. May depend on other packages

  24. What are dependencies? a^1.0.0 b^1.0.0 App

  25. Specified inside the package.json a^1.0.0 b^1.0.0 App

  26. a^1.0.0 b^1.0.0 App Follow semantic versioning

  27. https://xkcd.com/1172/

  28. Multiple levels of dependencies a^1.0.0 s^1.0.0 App b^1.0.0 s^2.0.0

  29. a^1.0.0 s^1.0.0 App b^1.0.0 s^2.0.0 No dependency conflicts

  30. Under the hood

  31. Project Code

  32. Project Code Manifest +

  33. Project Code Manifest + Dependency Code

  34. goo.gl/LJSNmP

  35. None

  36. Disclaimer ✓ First-time installation ✓ Empty node_modules folder ✓ No

    pre-cached packages

  37. Install Phases 1. Dependency Resolution Make requests to the registry

    and look up dependencies recursively

  38. Install Phases 2. Fetching Packages Fetch package tarballs and place

    in global cache

  39. Install Phases 3. Linking Packages Copying files from global cache

    to local node_modules folder

  40. https://github.com/ashleygwilliams/npm-sandbox package.json

  41. https://github.com/ashleygwilliams/npm-sandbox package.json Dependency Graph a^1.0.0 b^1.0.0 App s^1.0.0 s^2.0.0

  42. . . node_modules folder a^1.0.0 b^1.0.0 App s^1.0.0 s^2.0.0

  43. . node_modules folder a1 b1 App s1 s2

  44. . . a1 s1 b1 s2 a1 b1 App s1

    s2

  45. . Dependency Resolution 1. Load the existing node_modules tree from

    disc a1 b1 App s1 s2

  46. . Dependency Resolution 2. Clone the current tree a1 b1

    App s1 s2

  47. . Dependency Resolution 3.Build the ideal tree a1 b1 App

    s1 s2

  48. . Dependency Resolution a1 b1 App s1 s2

  49. . Dependency Resolution a1 a1 b1 App s1 s2

  50. . Dependency Resolution a1 a1 b1 App s1 s2

  51. a1 s1 . Dependency Resolution a1 b1 App s1 s2

  52. a1 s1 . Dependency Resolution a1 b1 App s1 s2

  53. a1 s1 b1 . . Dependency Resolution a1 b1 App

    s1 s2

  54. a1 s1 b1 . Dependency Resolution a1 b1 App s1

    s2

  55. . a1 s1 b1 s2 Dependency Resolution a1 b1 App

    s1 s2

  56. . Dependency Resolution 4.Generate Actions to take add [email protected] add

    [email protected] add [email protected] add [email protected] a1 s1 b1 s2 a1 b1 App s1 s2

  57. . Package Fetching and Linking a1 s1 b1 a1 s1

    b1 s2

  58. . Dependency Resolution 1.Create a list of Package Requests a1

    b1 App s1 s2

  59. . Dependency Resolution 2. Find Version on Registry a1 b1

    App s1 s2

  60. . Dependency Resolution 3. Check existing dependencies a1 b1 App

    s1 s2

  61. . Dependency Resolution 4. Create a new Package Request and

    repeat… a1 b1 App s1 s2 a1

  62. . Dependency Resolution a1 b1 App s1 s2 a1

  63. a1 s1 . Dependency Resolution a1 b1 App s1 s2

  64. a1 s1 . Dependency Resolution a1 b1 App s1 s2

  65. a1 s1 b1 . . Dependency Resolution a1 b1 App

    s1 s2

  66. a1 s1 b1 . . Dependency Resolution a1 b1 App

    s1 s2

  67. a1 s1 b1 . Dependency Resolution a1 b1 App s1

    s2 a1 s1 b1 s2

  68. . Package Fetching and Linking a1 s1 b1 a1 s1

    b1 s2

  69. . . Save Lockfile a1 s1 b1 a1 s1 b1

    s2

  70. “To make it more clear, your package.json states “what i

    want” for the project whereas your lock file says “what I had” in terms of dependencies” -Dan Abramov . . Save Lockfile

  71. .

  72. Differences

  73. None

  74. a1 b1 App s1 s2 c1 s1 a1 b1 s2

    s1 c1 https://docs.npmjs.com/how-npm-works/npm3-nondet

  75. Upgrade of Package A a2 b1 App s2 s2 c1

    s1

  76. a1 b1 s2 s1 c1 a2 b1 App s2 s2

    c1 s1

  77. a1 b1 s2 s1 c1 a2 b1 App s2 s2

    c1 s1

  78. a2 b1 s2 s1 c1 a2 b1 App s2 s2

    c1 s1

  79. a2 b1 s2 s1 c1 a2 b1 App s2 s2

    c1 s1

  80. a2 b1 s2 s1 c1 a2 b1 App s2 s2

    c1 s1 s2

  81. a2 b1 s2 s1 c1 a2 b1 App s2 s2

    c1 s1 s2

  82. a2 b1 s2 s1 c1 a2 b1 App s2 s2

    c1 s1 s2

  83. a2 b1 s2 s1 c1 a2 b1 App s2 s2

    c1 s1 s2

  84. a2 b1 s2 s1 c1 a2 b1 App s2 s2

    c1 s1 s2

  85. a2 b1 s2 s1 c1 a2 b1 App s2 s2

    c1 s1 s2

  86. a2 b1 s2 s1 c1 a2 b1 App s2 s2

    c1 s1 s2

  87. a2 b1 s2 s1 c1 a2 b1 App s2 s2

    c1 s1 s2

  88. a2 b1 App s2 s2 c1 s1 a2 b1 s2

    s1 c1 s2

  89. a2 b1 App s2 s2 c1 s1

  90. a2 b1 App s2 s2 c1 s1

  91. a2 b1 App s2 s2 c1 s1 a2

  92. a2 b1 App s2 s2 c1 s1 a2

  93. a2 s2 a2 b1 App s2 s2 c1 s1

  94. a2 s2 a2 b1 App s2 s2 c1 s1

  95. a2 b1 s2 a2 b1 App s2 s2 c1 s1

  96. a2 b1 s2 a2 b1 App s2 s2 c1 s1

  97. a2 b1 s2 a2 b1 App s2 s2 c1 s1

  98. a2 b1 s2 a2 b1 App s2 s2 c1 s1

  99. a2 b1 App s2 s2 c1 s1 a2 b1 s2

    c1

  100. a2 b1 App s2 s2 c1 s1 a2 b1 s2

    c1

  101. a2 b1 App s2 s2 c1 s1 a2 b1 s2

    c1 s1

  102. a2 b1 s2 c1 s1 a2 b1 s2 s1 c1

    s2

  103. Anything I can do? When in doubt, clear node_modules out

  104. Save Lockfile npm shrinkwrap

  105. Save Lockfile By default turned off

  106. Upgrade of Package A a2 b1 App s2 s2 c1

    s1

  107. a2 b1 App s2 s2 c1 s1

  108. a2 b1 App s2 s2 c1 s1 a2

  109. a2 b1 App s2 s2 c1 s1 a2

  110. a2 s2 a2 b1 App s2 s2 c1 s1

  111. a2 s2 a2 b1 App s2 s2 c1 s1

  112. a2 b1 s2 a2 b1 App s2 s2 c1 s1

  113. a2 b1 s2 a2 b1 App s2 s2 c1 s1

  114. a2 b1 s2 a2 b1 App s2 s2 c1 s1

  115. a2 b1 s2 a2 b1 App s2 s2 c1 s1

  116. a2 b1 App s2 s2 c1 s1 a2 b1 s2

    c1

  117. a2 b1 App s2 s2 c1 s1 a2 b1 s2

    c1

  118. a2 b1 App s2 s2 c1 s1 a2 b1 s2

    c1 s1

  119. a2 b1 s2 c1 s1

  120. a2 b1 s2 c1 s1

  121. Project Code package.json + + Lockfile

  122. Performance

  123. Issue opened by Sam Saccone November 2015 https://github.com/npm/npm/issues/10380

  124. GET a1 GET b1 GET s1 GET s1 Timeline start

    1.0s 1.5s 2.0s 2.5s Multi-Stage Installation

  125. GET a1 GET b1 GET s1 GET s2 Timeline start

    1.0s 1.5s 2.0s 2.5s a1 s1 b1 s2

  126. GET a1 GET b1 GET s1 GET s1 Timeline start

    1.0s 1.5s 2.0s 2.5s a1 s1 b1 s2

  127. GET a1 GET b1 GET s1 GET s2 Timeline start

    1.0s 1.5s 2.0s 2.5s a1 s1 b1 s2

  128. GET a1 GET b1 GET s1 GET s2 Timeline start

    1.0s 1.5s 2.0s 2.5s a1 s1 b1 s2

  129. GET a1 GET b1 GET s1 GET s2 Timeline start

    1.0s 1.5s 2.0s 2.5s a1 s1 b1 s2

  130. GET a1 GET b1 GET s1 GET s2 Timeline start

    1.0s 1.5s 2.0s 2.5s a1 s1 b1 s2

  131. GET a1 GET b1 GET s1 GET s2 Timeline start

    1.0s 1.5s 2.0s 2.5s a1 s1 b1 s2

  132. GET a1 GET b1 GET s1 GET s2 Timeline start

    1.0s 1.5s 2.0s 2.5s a1 s1 b1 s2

  133. GET a1 GET b1 GET s1 GET s2 Timeline start

    1.0s 1.5s 2.0s 2.5s a1 s1 b1 s2

  134. GET a1 GET b1 GET s1 GET s2 Timeline start

    1.0s 1.5s 2.0s 2.5s a1 s1 b1 s2

  135. GET a1 GET b1 GET s2 Timeline start 1.0s 1.5s

    2.0s 2.5s Built-In Parallelism GET s1

  136. GET a1 GET b1 GET s2 GET s1 Timeline start

    1.0s 1.5s 2.0s 2.5s a1 s1 b1 s2

  137. GET a1 GET b1 GET s2 GET s1 Timeline start

    1.0s 1.5s 2.0s 2.5s a1 s1 b1 s2

  138. GET a1 GET b1 GET s2 GET s1 Timeline start

    1.0s 1.5s 2.0s 2.5s a1 s1 b1 s2

  139. GET a1 GET b1 GET s2 GET s1 Timeline start

    1.0s 1.5s 2.0s 2.5s a1 s1 b1 s2

  140. GET a1 GET b1 GET s2 GET s1 Timeline start

    1.0s 1.5s 2.0s 2.5s a1 s1 b1 s2

  141. GET a1 GET b1 GET s2 GET s1 Timeline start

    1.0s 1.5s 2.0s 2.5s a1 s1 b1 s2
  142. None

  143. Last Chapter

  144. Ember CLI 2.13 onwards is “yarn aware”

  145. Migrate your own projects typing yarn https://yarnpkg.com/lang/en/docs/migrating-from-npm/

  146. Community project with governance model taken from Ember and Rust

    Contribute https://github.com/yarnpkg/yarn

  147. Watch this Space as well http://blog.npmjs.org

  148. And they lived happily ever after…

  149. Thank You! @serifritsch [email protected]