Why does cipm need a separate tool?

[styfle]

Why does cipm need to be a separate tool?
Couldn't it be a command line flag for the existing npm tool?

[zkat]

It's going to be integrated into npm as npm ci. The point of developing it separately is to have external tools that we can experiment with and investigate new ideas with. It was a very successful experiment when we tried it with npx, and so we're taking to doing that. It's also helped because it's forced us to refactor and extract and rewrite some other parts of npm itself into external libraries, which will then make it easier to do other such experiments.

npm is a very old codebase by Node standards: in fact, one of the oldest Node projects in existence, and as such, is a bit harder to work with than a green field project would otherwise be. This is just another way for us to continue modernizing npm itself.

Does that answer your question?

[styfle]

Yes, thanks for the detailed answer!

Sometimes the division of npm is scary because it's such a fundamental part of the Node ecosystem.
Every major version of npm I wonder what will break.
I cross my fingers when running npm install...so far so good.
And now we have yarn as an alternative so its hard to choose.

I was reading about the whole package-lock.json fiasco where the lock file wasn't really locking dependencies which is how I found a reference to cipm.

I look forward to trying it out, and hopefully never worrying about a bad install again 👍