为什么我不使用 npm 来安装纱线? [英] Why wouldn't I use npm to install yarn?
问题描述
在博客文章中宣布纱线(另一种 npm 客户端),他们说,最简单的开始的方法是运行 npm install -g yarn".但是如果你去他们文档中的安装纱线"页面,npm install yarn"不是未在任何特定于平台的安装页面上列出,它仅作为替代方案"页面上三个选项中的第三个提供.此外,当您 npm install yarn 时,它会打印一个弃用警告,建议使用适合您环境的本机安装方法安装 Yarn."所以我的问题是如果 npm install 是最简单的安装方法,为什么它不是他们文档中推荐的方法?使用 npm 安装 yarn 有什么缺点吗?
In the blog post announcing yarn (an alternative npm client) they say, "The easiest way to get started is to run npm install -g yarn". But if you go to the "install yarn" page in their docs, "npm install yarn" isn't listed on any of the platform-specific installation pages, and it's only offered as the third of three options on the "Alternatives" page. Furthermore when you npm install yarn it prints a deprecation warning, "It is recommended to install Yarn using the native installation method for your environment." So my question is if npm install is the easiest installation method, why isn't it a recommended method in their docs? Are there disadvantages to installing yarn using npm?
推荐答案
Edit (2020/11/23):
感谢@Kissaki 在评论中提供 Yarn 建议的最新信息.
Edit (2020/11/23):
Thanks to @Kissaki for providing an update on Yarn's advice in the comments.
从 Yarn 2.x 开始,Yarn 团队改变了他们的建议,现在建议通过 npm 安装该工具.该建议围绕锁定在每个项目基础上使用的 Yarn 版本的优势.这使项目能够适应 Yarn 版本之间的变化.
As of Yarn 2.x, the Yarn team has altered their advice and now suggests installing the tool via npm. This advice centers around the advantages of locking the version of Yarn used on a per-project basis. This allows projects to be resilient to variations between versions of Yarn.
来自新 Yarn 安装"页面:
在整个系统中使用单个包管理器一直是一个问题.为了稳定,安装需要使用相同的包运行跨环境管理器版本,否则我们有风险在版本之间引入意外的破坏性更改 - 毕竟,这就是为什么首先引入锁文件的概念!从某种意义上说,Yarn 是您的第一个项目依赖项,它锁定"应该是有意义的
Using a single package manager across your system has always been a problem. To be stable, installs need to be run with the same package manager version across environments, otherwise there's a risk we introduce accidental breaking changes between versions - after all, that's why the concept of lockfile was introduced in the first place! And with Yarn being in a sense your very first project dependency, it should make sense to "lock it" as well.
因此,Yarn 2 及更高版本应在以项目为基础.
For this reason, Yarn 2 and later are meant to be managed on a by-project basis.
这类似于在每个项目的基础上锁定构建工具版本的其他方法.有关示例,请参阅 Gradle Wrapper.
This is similar to other methods of locking build tool versions on a per-project basis. See the Gradle Wrapper for an example.
独立 Yarn 安装的优势很快就会消失,尤其是随着 Yarn 团队的方向发生变化.现在建议通过 npm 安装,从 Yarn 2.x 开始,他们的站点上似乎不再提供独立安装的说明.
The advantages of a standalone Yarn installation fall apart rather quickly, particularly with the Yarn team's change in direction. Installing via npm is now suggested, and instructions for standalone installations no longer appear to be offered on their site as of Yarn 2.x.
根据 Yarn 项目维护者的说法,通过 npm 安装 Yarn 违背项目目标,可能会导致问题,并且通常比特定于平台的安装方法更糟糕.
According to the Yarn project maintainers, installing Yarn via npm goes against the goals of the project, can cause issues, and is, in general, worse than platform-specific installation methods.
推荐的特定于平台的安装的优点:
Advantages to recommended platform-specific installation:
- Yarn 团队认为 npm 不安全且不可靠.从通过 npm 安装"Yarn 的 安装"部分页面:
注意: 一般不推荐通过 npm 安装 Yarn.使用 npm 安装 Yarn 是不确定的,包没有签名,唯一执行的完整性检查是基本的 SHA1 哈希,这在安装系统范围的应用程序时存在安全风险.
Note: Installation of Yarn via npm is generally not recommended. Installing Yarn with npm is non-deterministic, the package is not signed, and the only integrity check performed is a basic SHA1 hash, which is a security risk when installing system-wide apps.
出于这些原因,强烈建议您通过最适合您的操作系统的安装方法安装 Yarn.
For these reasons, it is highly recommended that you install Yarn through the installation method best suited to your operating system.
- 通过 npm 运行 Yarn(一个单独的包管理器实用程序)可能会导致边缘问题(请参阅 issue 2072)
- 通过系统包管理器安装将 Yarn 与 npm 分离,允许您在没有 npm 的情况下运行 Yarn
- 系统包管理器通常会定期运行,以保持 Yarn 的更新
- 通过 npm 安装 Yarn 是 慢
- 快速简便(
npm install -g yarn) - 可以在任何 npm 环境中完成(与平台无关)
- Node.js 开发人员熟悉的范式和流程
- 可以轻松更新(
npm update -g yarn)- 存在 Yarn 更新命令(
yarn self-update),但它似乎是 损坏
- Quick and easy (
npm install -g yarn) - Can be done in any npm environment (platform-agnostic)
- Familiar paradigm and process for Node.js developers
- Can be easily updated (
npm update -g yarn)- A Yarn update command exists (
yarn self-update) but it seems to be broken
当提到 Windows 时,推荐安装的系统包管理器参数往往会崩溃,那里没有官方包管理器(除非你算上 Windows 更新).此外,Chocolatey 等 Windows 包管理器通常未配置为自动更新.
The system package manager arguments for the recommended installation tend to break down when referring to Windows, where there is no official package manager (unless you count Windows Update). Also, Windows package managers such as Chocolatey are often not configured for automatic updates.
我不确定我是否完全同意 Yarn 团队对此的决定,但他们确实提出了一些公平的观点.Yarn 项目还很年轻,如果它要成为 npm 的替代品,那么鼓励 npm 作为其主要安装程序是没有意义的.
I'm not sure that I fully agree with the Yarn team's decision on this, but they do make some fair points. The Yarn project is still young and if it is to become a replacement for npm then it wouldn't make sense to encourage npm as its primary installer.
无论如何,在大多数情况下,通过 npm 安装现在似乎可以正常工作.
Regardless, installations via npm seem to work just fine for now in most cases.
来源:
这篇关于为什么我不使用 npm 来安装纱线?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
- A Yarn update command exists (
- 存在 Yarn 更新命令(
npm install -g yarn 的优点:
