Use npm instead of Yarn

[alanorth]

References

• Fixes Upgrade to Yarn v2 or switch back to npm #1074

Description

Simplify the project by using npm (which ships with Node.js) instead of Yarn (an extra global dependency and prerequisite).

The original reasons for using Yarn (dependency install speed and robust lockfiles) are no longer as compelling. In the past few years npm has improved in both of these areas. Furthermore, we are using Yarn 1.x "classic", which has been deprecated for several years and migration to Yarn 2, which is not backwards compatible, will require us to do some work anyway.

Instructions for Reviewers

Please add a more detailed description of the changes made by your PR. At a minimum, providing a bulleted list of changes in your PR is helpful to reviewers.

List of changes in this PR:

• Remove yarn.lock
• Update package.json to use npm run for all scripts
• Add package-lock.json
• Update several dependencies to fix lint errors
• Update Dockerfiles to use npm
• Update README.md with new instructions for npm

Include guidance for how to test or review your PR.

Try installing dependencies and building the application in dev and production mode:

$ rm -rf node_modules && npm install
$ npm run build
$ npm start

Checklist

This checklist provides a reminder of what we are going to look for when reviewing your PR. You need not complete this checklist prior to creating your PR (draft PRs are always welcome).
However, reviewers may request that you complete any actions in this list if you have not done so. If you are unsure about an item in the checklist, don't hesitate to ask. We're here to help!

• My PR is small in size (e.g. less than 1,000 lines of code, not including comments & specs/tests), or I have provided reasons as to why that's not possible.
• My PR passes ESLint validation using npm run lint
• My PR doesn't introduce circular dependencies (verified via npm run check-circ-deps)
• My PR includes TypeDoc comments for all new (or modified) public methods and classes. It also includes TypeDoc for large or complex private methods.
• My PR passes all specs/tests and includes new/updated specs or tests based on the Code Testing Guide.
• My PR aligns with Accessibility guidelines if it makes changes to the user interface.
• My PR uses i18n (internationalization) keys instead of hardcoded English text, to allow for translations.
• My PR includes details on how to test it. I've provided clear instructions to reviewers on how to successfully test this fix or feature.
• If my PR includes new libraries/dependencies (in package.json), I've made sure their licenses align with the DSpace BSD License based on the Licensing of Contributions documentation.
• If my PR includes new features or configurations, I've provided basic technical documentation in the PR itself.
• If my PR fixes an issue ticket, I've linked them together.

[tdonohue]

Thanks for this work @alanorth ! I can see we'll need to do more work here to update other areas where yarn is used (namely the GitHub Actions, Docker scripts & README). But, this looks like a good start!

I've linked this over to the 9.0 brainstorms we've started gathering for Steering to discuss. I see this as a task which can help with the "Easier Installation" idea (by removing a prerequisite in yarn).

@artlowel and @atarix83 : I added you both as reviewers here as I'd appreciate your feedback on this idea. I'd be willing to help @alanorth to get the GitHub Actions / Docker scripts updated, assuming we all agree with the goal of removing usage of yarn in favor of npm. So, please let me know if you have immediate objections/concerns.

[pnbecker]

I like this idea a lot.

[artlowel]

Thanks @alanorth!

I agree, getting rid of yarn 1 is a good idea.

This PR does seem to break our lint step (On github you see the yarn version, but I get the same issue running lint with npm). Since it won't compile, perhaps eslint resolves to a different version now?

You can get rid of the resolutions section in package.json, it's something unique to yarn, to force to use a certain version of a dependency when there are conflicts. Since the project builds fine, it looks like these particular resolutions are no longer necessary anyway.

I do think we should add the npm equivalent, which is called overrides, and solve any conflict we have with peerDependencies in there, rather than instructing people to run npm install with --legacy-peer-deps

We'll also need to update the github workflows to use npm instead of yarn, as well as the Dockerfile

[alanorth]

Thanks @artlowel!

This PR does seem to break our lint step (On github you see the yarn version, but I get the same issue running lint with npm). Since it won't compile, perhaps eslint resolves to a different version now?

Oh I'm not sure, that needs more investigation. Appreciate any advice.

You can get rid of the resolutions section in package.json, it's something unique to yarn, to force to use a certain version of a dependency when their are conflicts. Since the project builds fine, it looks like these particular resolutions are no longer necessary anyway.

Done, thanks.

I do think we should add the npm equivalent, which is called overrides, and solve any conflict we have with peerDependencies in there, rather than instructing people to run npm install with --legacy-peer-deps

Oh that is nice to know. I have worked through the conflicting dependencies and added overrides for each. Now we can install with npm install!

We'll also need to update the github workflows to use npm instead of yarn, as well as the Dockerfile

Ah yes, true. Should be easy. I will take a look soon.

[github-actions]

Hi @alanorth,
Conflicts have been detected against the base branch.
Please resolve these conflicts as soon as you can. Thanks!

[github-actions]

Hi @alanorth,
Conflicts have been detected against the base branch.
Please resolve these conflicts as soon as you can. Thanks!

[kshepherd]

@alanorth I fixed the lint errors with an update to the unused-imports plugin (this was causing the problem, not the spec test itself) - "eslint-plugin-unused-imports": "^4.1.3", does it, though note that the documentation says 4.x.x is for eslint 9, eslint-plugins 8-5 (we are behind this right?), so I think to be sure we should review all the eslint versions and see what we can update?

doc:
https://www.npmjs.com/package/eslint-plugin-unused-imports

[github-actions]

Hi @alanorth,
Conflicts have been detected against the base branch.
Please resolve these conflicts as soon as you can. Thanks!

[alanorth]

Thanks @kshepherd! You're right, the eslint-plugin-unused-imports say this:

• Version 4.1.x is for eslint 9 with @typescript-eslint/eslint-plugin v8 to v5
• Version 3.x.x is for eslint 8 with @typescript-eslint/eslint-plugin 6 - 7
• Version 2.x.x is for eslint 8 with @typescript-eslint/eslint-plugin 5

We are using 2.x.x currently, but according to this we should be using 3.x.x. It fixes the lint error, though I'm not sure why we don't hit that issue with yarn. 🤔

[artlowel]

Thanks @alanorth!

This is looking good to me now, I have one more minor inline comment.

It would be good if someone with more experience with Docker could give those changes a more thorough test though

[kshepherd]

+1 looks good, tests well (I use docker and all seems good in my environment), thanks @alanorth

[alanorth]

Thanks for testing @artlowel and @kshepherd. This is at +2 now. As far as I can see the only thing remaining is to update the DSpace wiki, though the section for DSpace 9 doesn't exist yet.

[tdonohue]

👍 Thanks @alanorth ! This was waiting on me to do a quick review. This looks GREAT! It's working well for me. I noticed on minor thing (and already fixed it), where the yarn.lock should now be listed in our .gitignore and .dockerignore in order to ensure it's no longer added back to our codebase.

Overall, this is ready to merge for 9.0. I'll leave the needs documentation flag in place until we create the new 9.0 wiki space, as we'll need to (eventually) update the docs there.