Make WordPress Core

Opened 4 months ago

Closed 4 months ago

Last modified 3 months ago

#62190 closed defect (bug) (fixed)

Improve npm dependency management

Reported by: jonsurrell
Owned by: desrosj
Milestone: 6.7
Priority: normal
Severity: normal
Version:
Component: Build/Test Tools
Keywords: has-patch
Focuses: javascript
Cc:

Description

There are several improvements to npm (Node.js) dependencies that have landed in Gutenberg and would be good to apply to WordPress Core as well:

Change History (19)

This ticket was mentioned in PR #7526 on WordPress/wordpress-develop by @jonsurrell.


4 months ago
#1

  • Keywords has-patch added

[Update the package-lock.json file to the v3 format](https://docs.npmjs.com/cli/v8/using-npm/config#lockfile-version):

3: Only the new lockfile information introduced in npm version 7. Smaller on disk than lockfile version 2, but not interoperable with older npm versions. Ideal if all users are on npm version 7 and higher.

Given the engines and engine-strict setting, npm versions earlier than 7 should not be used and there should be no downsides to this change:

https://github.com/WordPress/wordpress-develop/blob/90d242939d030a057c6a0719af415ec336d379e2/package.json#L9-L12
https://github.com/WordPress/wordpress-develop/blob/90d242939d030a057c6a0719af415ec336d379e2/.npmrc#L2

Similar PR for Gutenberg: https://github.com/WordPress/gutenberg/pull/65923

The lockfile goes from 2124789 to 1175664 bytes, around 950kb smaller.

Trac ticket: https://core.trac.wordpress.org/ticket/62190

@jonsurrell commented on PR #7526:


4 months ago
#2

I've merged trunk and gone through the process of resetting the lockfile and applying the version change again to ensure it's up to date.

This ticket was mentioned in PR #7537 on WordPress/wordpress-develop by @jonsurrell.


4 months ago
#3

This change was applied in Gutenberg:

https://github.com/WordPress/gutenberg/pull/61630

Quoting that PR:

The npm dedupe command searches and attempts to simplify the overall structure of the local package tree to allow dependent packages to be shared more effectively. As detailed in #61532, reducing the amount of dependency duplication is beneficial for a few reasons:

  • Fewer packages overall.
  • Faster installation.
  • Less size to transfer and store on disk.
  • Usually bundle size is reduced (although this depends on which versions of packages are used).

However, unless the command is run regularly, the project's dependency tree easily falls out of order.

See https://docs.npmjs.com/cli/v10/commands/npm-dedupe

Trac ticket: https://core.trac.wordpress.org/ticket/62190

This ticket was mentioned in PR #7538 on WordPress/wordpress-develop by @jonsurrell.


4 months ago
#4

Run npm dedupe command.

Reducing dependency duplication is beneficial in general:

  • Fewer packages overall.
  • Faster installation.
  • Less size to transfer and store on disk.
  • Bundle size may be reduced (although this depends on which versions of packages are used).

Related: #7537

Trac ticket: https://core.trac.wordpress.org/ticket/62190

@jonsurrell commented on PR #7537:


4 months ago
#5

I've created another PR that performs npm dedupe: https://github.com/WordPress/wordpress-develop/pull/7538

@jonsurrell commented on PR #7538:


4 months ago
#6

Setting this back to "draft." It will conflict with #7526 and I'd like that to land first.

#7 @desrosj
4 months ago

  • Milestone changed from Awaiting Review to 6.7
  • Status changed from assigned to reviewing

#8 @desrosj
4 months ago

In 59204:

Build/Test Tools: Update npm lockfile to version 3.

This updates the package-lock.json file to use version 3

Props jonsurrell.
See #62190.

#9 @desrosj
4 months ago

In 59205:

Build/Test Tools: Revert [59204].

The changeset had an incomplete commit message.

Unprops desrosj.
See #62190.

#10 @desrosj
4 months ago

In 59206:

Build/Test Tools: Update npm lockfile to version 3.

This updates the package-lock.json file to use the version 3 format.

Version 3 removes the version 1 format data, resulting in a smaller file. While version 3 format is not supported in npm < 7, a lower limit is enforced in the engines declaration within package.json and has been >= 7 since [56378].

The Gutenberg repository has already been updated to use version 3.

Props jonsurrell.
See #62190.

@desrosj commented on PR #7537:


4 months ago
#12

Let's merge this change into #7538. I think it's fine to handle in the same commit!

@jonsurrell commented on PR #7537:


4 months ago
#13

Sounds good, now that #7526 has landed there shouldn't be any conflicts 👍

@jonsurrell commented on PR #7537:


4 months ago
#14

Superseded by #7538.

#15 @desrosj
4 months ago

  • Resolution set to fixed
  • Status changed from reviewing to closed

In 59207:

Build/Test Tools: Configure npm to prefer-dedupe.

npm dedupe is a command that attempts to simplify the structure of the local package tree by moving dependencies higher up. This allows for more effective package sharing, less transfer, and smaller node_modules folders.

This change configures npm to prefer-dedupe by default so that these benefits persist and the command is not required to be run regularly.

This also brings better alignment with the Gutenberg repository, which has already configured prefer-dedupe.

Props jonsurrell.
Fixes #62190.

#17 @kevin940726
4 months ago

IIUC, I think we also need to change this line for the sync-gutenberg-packages script:

https://github.com/WordPress/wordpress-develop/blob/721047921388419936fc1310c135fc65d01cab64/tools/release/sync-gutenberg-packages.js#L110

The new lock file format no longer has the top-level dependencies field.

c.c. @gziolo, @desrosj
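
The format difference raised in the comment above, as an added example that is not part of the ticket or of sync-gutenberg-packages.js: a version 1 lockfile keeps a top-level `dependencies` tree keyed by package name, while version 3 keeps only a flat `packages` map keyed by install path. The helper names `topLevelVersions` and `legacyRead` and the sample lockfiles are hypothetical and constructed for illustration.

```javascript
// Constructed, trimmed lockfiles; names and versions are sample values.
const lockV1 = {
  lockfileVersion: 1,
  dependencies: {
    '@wordpress/element': { version: '6.9.0' },
    react: { version: '18.3.1' },
  },
};
const lockV3 = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'sample-project', version: '1.0.0' },
    'node_modules/@wordpress/element': { version: '6.9.0' },
    'node_modules/@wordpress/element/node_modules/react': { version: '18.2.0' },
    'node_modules/react': { version: '18.3.1' },
  },
};

const PREFIX = 'node_modules/';

// Hypothetical helper: name -> version for top-level (hoisted) installs,
// reading whichever section the lockfile actually has.
function topLevelVersions(lock) {
  const versions = Object.create(null);
  if (lock.packages && typeof lock.packages === 'object') {
    // v2/v3: flat map keyed by install path; '' is the root project.
    for (const [path, entry] of Object.entries(lock.packages)) {
      if (!path.startsWith(PREFIX)) continue; // root or a workspace folder
      const name = path.slice(PREFIX.length);
      if (name.includes('/node_modules/')) continue; // nested copy, not hoisted
      if (entry.link) continue; // symlink entry carries no version
      versions[name] = entry.version;
    }
    return versions;
  }
  // v1: only the legacy tree keyed by package name exists.
  for (const [name, entry] of Object.entries(lock.dependencies || {})) {
    versions[name] = entry.version;
  }
  return versions;
}

// Hypothetical reader that only knows the v1 layout: it returns undefined
// for every package once the lockfile is version 3.
function legacyRead(lock, name) {
  return lock.dependencies?.[name]?.version;
}
```

A reader like `legacyRead` does not throw on a version 3 file, it just finds nothing, so a script built on it can appear to run normally while skipping every version comparison.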

This ticket was mentioned in Slack in #core-editor by kevin940726.


4 months ago

#19 @jonsurrell
3 months ago

@kevin940726 Do you know whether the script you mentioned is working correctly? I believe there have been package updates ostensibly without problems, but it's possible things are not working as expected…
