Why check in bower components?

Question

The Bower docs say:


N.B. If you aren't authoring a package that is intended to be consumed by others (e.g., you're building a web app), you should always check installed packages into source control.

Does anyone have a good answer to why?

If I am making a web app I don't want my repo cluttered with updates in version of library X.

I just want to update bower.json dependencies. I would think most projects will have a build step or similar, for instance with grunt. The build step would make sure to call bower install/update before building, so that those files are present for concat/minification etc. Or even a plain copy to some dist folder.

Am I missing something?

Recommended answer

It's to lock down your dependencies so as to prevent a bad dependency from breaking your app or the remote being down preventing deployment. This could happen even though you have a build step, since you probably don't thoroughly test on every build, and automated tests don't catch everything, especially not visual regressions. Also multiple developers might have different versions of a dependency. By having the dependencies committed you ensure everyone stays on the same version. I also find viewing the diff is a good way to ensure nothing malicious was introduced in the dependency tree.

In the Node world npm shrinkwrap partially solves this, but doesn't yet do checksum matching. Bower currently have an open ticket to implement the same.

You can read more about it in this blog post: Checking in front-end dependencies
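
An added example, not part of the original answer and not Bower or npm code: the kind of checksum matching the answer says shrinkwrap lacks, done by hand over a vendored dependency directory. It pins a SHA-256 manifest of the tree and reports files that a later install added, removed or changed; the `libx` package, its file names and contents are constructed for the demo.

```python
import hashlib
import os
import tempfile


def build_manifest(root):
    """Return {relative path: sha256 hex} for every file under root."""
    manifest = {}
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if os.path.islink(full):
                # Record the target instead of following a link out of the tree.
                manifest[rel] = "symlink:" + os.readlink(full)
            elif os.path.isfile(full):
                with open(full, "rb") as fh:
                    manifest[rel] = hashlib.sha256(fh.read()).hexdigest()
    return manifest


def compare(expected, actual):
    """Return sorted lists of added, removed and changed paths."""
    added = sorted(set(actual) - set(expected))
    removed = sorted(set(expected) - set(actual))
    changed = sorted(p for p in set(expected) & set(actual) if expected[p] != actual[p])
    return {"added": added, "removed": removed, "changed": changed}


def demo():
    """Constructed sample tree: pin it, then simulate a re-install that differs."""
    with tempfile.TemporaryDirectory() as root:
        pkg = os.path.join(root, "bower_components", "libx")
        os.makedirs(pkg)
        with open(os.path.join(pkg, "libx.js"), "w") as fh:
            fh.write("function libx() { return 1; }\n")
        with open(os.path.join(pkg, "bower.json"), "w") as fh:
            fh.write('{"name": "libx", "version": "1.0.0"}\n')
        pinned = build_manifest(root)

        # Same version string, different bytes, plus a file that was not there before.
        with open(os.path.join(pkg, "libx.js"), "a") as fh:
            fh.write("/* constructed unexpected change */\n")
        with open(os.path.join(pkg, "extra.js"), "w") as fh:
            fh.write("// constructed unexpected file\n")
        return compare(pinned, build_manifest(root))


if __name__ == "__main__":
    print(demo())
```

The version in `bower.json` stays at 1.0.0 in the demo, so only the content hashes reveal the difference; a build step would fail when any of the three lists is non-empty.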
