Thursday, December 10, 2020

Node.js, npm, yarn, & those lock files

The following is my opinion and doesn't represent my employer. 

Install Node.js

If you are like me and work across operating systems and environments (local, container, cloud), you have one or two bullet-proof ways you install Node.js. The Node.js organization has done a great job of listing those. 

I'm sticking with the following:

* For Windows installations - use the Windows download
* For all other installations, including VM, Container, Mac, *Nix - use the bash script

Never, under any circumstances, use the apt or apt-get package manager to install Node.js. At this point, that is equivalent to a code-smell. 


NPM should be your package manager of choice when installing an NPM package. If you run into problems, log an issue

Debugging Node.js projects with NVM and lock files

The Node Version Manager (nvm) and lock files are for the developer of a project to be able to get back to an exact version of the entire development environment to debug an issue. When you install and use someone's package, you don't need their lock file. NPM doesn't install dependencies for a package based on the log file. 

Check in the lock file so you need to get back to a specific development environment.