#62190 closed defect (bug) (fixed)
Improve npm dependency management
Reported by: | | Owned by: | |
---|---|---|---|
Milestone: | 6.7 | Priority: | normal |
Severity: | normal | Version: | |
Component: | Build/Test Tools | Keywords: | has-patch |
Focuses: | javascript | Cc: |
Description
There are several improvements to npm (Node.js) dependencies that have landed in Gutenberg and would be good to apply to WordPress Core as well:
- Set prefer-dedupe as the default
- Update package-lock lockfile version
- Dedupe npm dependencies.
Change History (19)
This ticket was mentioned in PR #7526 on WordPress/wordpress-develop by @jonsurrell.
4 months ago
#1
- Keywords has-patch added
@jonsurrell commented on PR #7526:
4 months ago
#2
I've merged trunk and went through the process of resetting the lockfile and applying the version change again to ensure it's up to date.
This ticket was mentioned in PR #7537 on WordPress/wordpress-develop by @jonsurrell.
4 months ago
#3
This change was applied in Gutenberg:
https://github.com/WordPress/gutenberg/pull/61630
Quoting that PR:
The `npm dedupe` command searches and attempts to simplify the overall structure of the local package tree to allow dependent packages to be shared more effectively. As detailed in #61532, reducing the amount of dependency duplication is beneficial for a few reasons:
- Fewer packages overall.
- Faster installation.
- Less size to transfer and store on disk.
- Usually bundle size is reduced (although this depends on which versions of packages are used).
However, unless the command is run regularly, the project's dependency tree easily falls out of order.
See https://docs.npmjs.com/cli/v10/commands/npm-dedupe
Trac ticket: https://core.trac.wordpress.org/ticket/62190
This ticket was mentioned in PR #7538 on WordPress/wordpress-develop by @jonsurrell.
4 months ago
#4
Run `npm dedupe` command.
Reducing dependency duplication is beneficial in general:
- Fewer packages overall.
- Faster installation.
- Less size to transfer and store on disk.
- Bundle size may be reduced (although this depends on which versions of packages are used).
Related: #7537
Trac ticket: https://core.trac.wordpress.org/ticket/62190
@jonsurrell commented on PR #7537:
4 months ago
#5
I've created another PR that performs `npm dedupe`: https://github.com/WordPress/wordpress-develop/pull/7538
@jonsurrell commented on PR #7538:
4 months ago
#6
Setting this back to "draft." It will conflict with #7526 and I'd like that to land first.
#7
@
4 months ago
- Milestone changed from Awaiting Review to 6.7
- Status changed from assigned to reviewing
4 months ago
#12
Let's merge this change into #7538. I think it's fine to handle in the same commit!
@jonsurrell commented on PR #7537:
4 months ago
#13
Sounds good, now that #7526 has landed there shouldn't be any conflicts 👍
@jonsurrell commented on PR #7537:
4 months ago
#14
Superseded by #7538.
#17
@
4 months ago
IIUC, I think we also need to change this line for the `sync-gutenberg-packages` script:
The new lock file format no longer has the top-level `dependencies` field.
c.c. @gziolo, @desrosj
[Update the package-lock.json file to the v3 format:](https://docs.npmjs.com/cli/v8/using-npm/config#lockfile-version)
Given the engines and engine-strict setting, npm versions earlier than 7 should not be used and there should be no downsides to this change:
https://github.com/WordPress/wordpress-develop/blob/90d242939d030a057c6a0719af415ec336d379e2/package.json#L9-L12
https://github.com/WordPress/wordpress-develop/blob/90d242939d030a057c6a0719af415ec336d379e2/.npmrc#L2
Similar PR for Gutenberg: https://github.com/WordPress/gutenberg/pull/65923
The lockfile goes from `2124789` to `1175664` bytes, around 950kb smaller.
Trac ticket: https://core.trac.wordpress.org/ticket/62190
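
The comment above notes that the v3 lockfile no longer has the top-level `dependencies` field, which breaks tooling that reads pinned versions from it. The following is an added example, not code from wordpress-develop or its `sync-gutenberg-packages` script: it reads installed versions from either lockfile layout and lists packages present at more than one version, the duplication `npm dedupe` reduces. The function names and both sample lockfiles are constructed for illustration.

```javascript
// Collect every installed copy as name -> Set of versions, for any lockfileVersion.
function installedVersions(lock) {
  const found = new Map();
  const add = (name, version) => {
    if (version) found.set(name, (found.get(name) || new Set()).add(version));
  };
  if (lock.packages) {
    // v2 and v3: flat map keyed by install path; "" is the root project.
    for (const [path, entry] of Object.entries(lock.packages)) {
      const at = path.lastIndexOf('node_modules/');
      if (at === -1 || entry.link) continue; // root, workspace folder or symlink
      add(entry.name || path.slice(at + 'node_modules/'.length), entry.version);
    }
  } else {
    // v1: nested tree under the top-level "dependencies" field.
    const walk = (deps = {}) => {
      for (const [name, entry] of Object.entries(deps)) {
        add(name, entry.version);
        walk(entry.dependencies);
      }
    };
    walk(lock.dependencies);
  }
  return found;
}

// Version of the hoisted (top-level) copy, read from whichever field exists.
function hoistedVersion(lock, name) {
  const entry = lock.packages
    ? lock.packages[`node_modules/${name}`] : (lock.dependencies || {})[name];
  return entry ? entry.version : undefined;
}

// Names installed at more than one version: what `npm dedupe` tries to reduce.
function duplicated(lock) {
  return [...installedVersions(lock)]
    .filter(([, versions]) => versions.size > 1)
    .map(([name]) => name).sort();
}

// Constructed sample lockfiles (not taken from wordpress-develop).
const v1Lock = { lockfileVersion: 1, dependencies: {
  '@example/ui': { version: '2.0.0', dependencies: { 'example-util': { version: '1.1.0' } } },
  'example-util': { version: '1.3.0' } } };
const v3Lock = { lockfileVersion: 3, packages: {
  '': { name: 'demo', version: '1.0.0' },
  'node_modules/@example/ui': { version: '2.0.0' },
  'node_modules/@example/ui/node_modules/example-util': { version: '1.1.0' },
  'node_modules/example-util': { version: '1.3.0' } } };
```

A lockfile with `lockfileVersion: 2` carries both fields, so the `packages` branch handles it as well.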