Production only shrinkwrap file #50

Open
wants to merge 2 commits into
base: main

@yoavain yoavain commented Feb 27, 2022

I noticed that installing this package brings more than it needs for runtime. This is because the shrinkwrap file which is packed has dev dependencies too. Not sure why, but npm installs both dependencies & devDependencies when installing the package.
As I suggested here, using a lock file instead, and building a shrinkwrap file before packing and after pruning dev dependencies, can fix that.

This PR does the following:

  1. Rename shrinkwrap file to lock file
  2. Enable lock file in .npmrc file
  3. Add prepack script to create the runtime dependencies only shrinkwrap file
  4. Add postpack script to revert changes

(It does not install dev dependencies again, as the publish script runs in a GitHub Action, and there's no point in doing that)

Note: The reason to delete the lock file is that npm prune --production only deletes files from the node_modules folder and does not update the lock file, and npm shrinkwrap only renames the lock file to a shrinkwrap file if it exists. When the lock file does not exist, the shrinkwrap file is created from the existing dependency tree (which represents the committed lock file, without the dev dependencies)

(I tested using the npm pack lifecycle, but I think npm publish should use the same script lifecycle)

Some numbers to justify this change:

Pack .tgz file size:
before  111KB
after    12KB

Number of packages installed with the package:
before: 581
after:   72

Lock file size after installing only this package:
before: 203KB
after:   24KB

node_modules size after installing only this package:
before: 51MB
after:   2MB
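
A check for the problem this PR describes, as an added example that is not part of the PR or the project's code: it lists the entries marked dev-only in a parsed npm-shrinkwrap.json, so a release job can refuse to publish a tarball that would pull dev dependencies into consumers' installs. The function names and the sample lockfiles are constructed for illustration.

```javascript
// Added example: find dev-only entries in a parsed npm lock/shrinkwrap object.
// lockfileVersion 2/3 uses a flat "packages" map keyed by install path;
// lockfileVersion 1 uses nested "dependencies". Both mark dev-only entries with dev: true.
function findDevEntries(lock) {
  const found = [];
  if (lock.packages && typeof lock.packages === "object") {
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === "") continue; // "" is the root project itself
      if (meta && meta.dev === true) found.push(path);
    }
    return found.sort();
  }
  // lockfileVersion 1: walk the nested dependency tree
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (meta && meta.dev === true) found.push(path);
      walk(meta && meta.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, "");
  return found.sort();
}

// Result a prepack/CI gate can act on: ok is false if any dev-only entry remains.
function checkShrinkwrap(lock) {
  const dev = findDevEntries(lock);
  return { ok: dev.length === 0, dev };
}

// Constructed samples (package names are made up, not taken from the project).
const SHRINKWRAP_WITH_DEV = {
  name: "example-pkg", lockfileVersion: 2,
  packages: {
    "": { name: "example-pkg", version: "1.0.0" },
    "node_modules/runtime-lib": { version: "2.1.0" },
    "node_modules/test-runner": { version: "9.0.0", dev: true },
    "node_modules/test-runner/node_modules/helper": { version: "1.0.0", dev: true },
    "node_modules/native-addon": { version: "3.0.0", devOptional: true }, // still installed in production
  },
};
const SHRINKWRAP_RUNTIME_ONLY = {
  name: "example-pkg", lockfileVersion: 2,
  packages: { "": { name: "example-pkg" }, "node_modules/runtime-lib": { version: "2.1.0" } },
};
const SHRINKWRAP_V1 = {
  name: "example-pkg", lockfileVersion: 1,
  dependencies: {
    "runtime-lib": { version: "2.1.0" },
    linter: { version: "8.0.0", dev: true, dependencies: { helper: { version: "1.0.0", dev: true } } },
  },
};
```

To use it on a real package, pass `checkShrinkwrap` the result of `JSON.parse` on the npm-shrinkwrap.json taken from the packed tarball.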

yoavain commented Apr 6, 2022

Hi @barzik
Any chance to review, merge and publish this?
For a package with ~2500 DL per week, this should save the planet ~6TB of storage a year.
Also, you promised ;)

@euclidesdry

@barzik I'm here to see this PR merged, and waiting to see this in the next release. I hope this happens soon!!

yoavain commented Sep 3, 2022

@barzik
Sorry, but I mentioned this project in an issue I opened in the package manager best practices repo as a "don't do" example.
Wanted to see what this committee thinks of my unpopular opinion
