Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: added --install-strategy=linked #6078

Merged
merged 4 commits into from
Jan 25, 2023
Merged

Conversation

fritzy
Copy link
Contributor

@fritzy fritzy commented Jan 24, 2023

Co-authored-by: Vincent Bailly vibailly@microsoft.com

Implements the RFC https://github.com/npm/rfcs/blob/main/accepted/0042-isolated-mode.md

Packages are installed in node_modules/.store flat, and linked into the node_modules tree in depth, rather than hoisted.

@fritzy fritzy requested a review from a team as a code owner January 24, 2023 06:53
workspaces/arborist/lib/arborist/index.js Outdated Show resolved Hide resolved
workspaces/arborist/lib/arborist/reify.js Outdated Show resolved Hide resolved
Co-authored-by: Vincent Bailly <vibailly@microsoft.com>
@fritzy fritzy force-pushed the fritzy/linked-install3 branch from 3caaf36 to 2f8a505 Compare January 24, 2023 07:17
@npm-cli-bot
Copy link
Collaborator

npm-cli-bot commented Jan 24, 2023

no statistically significant performance changes detected

timing results
app-large clean lock-only cache-only cache-only
peer-deps
modules-only no-lock no-cache no-modules no-clean no-clean
audit
npm@8 44.260 ±2.64 23.194 ±0.39 21.040 ±0.22 23.505 ±0.45 3.841 ±0.02 3.772 ±0.07 3.099 ±0.06 14.684 ±0.37 3.091 ±0.02 4.852 ±0.95
#6078 49.729 ±6.81 21.915 ±0.19 20.684 ±0.06 23.976 ±1.28 3.737 ±0.02 3.734 ±0.01 2.925 ±0.03 14.355 ±0.26 2.872 ±0.03 4.634 ±0.39
app-medium clean lock-only cache-only cache-only
peer-deps
modules-only no-lock no-cache no-modules no-clean no-clean
audit
npm@8 36.335 ±1.39 18.341 ±0.02 16.493 ±0.10 17.787 ±0.65 3.460 ±0.13 3.589 ±0.02 3.150 ±0.05 11.048 ±0.29 2.884 ±0.03 3.917 ±0.10
#6078 34.843 ±0.24 18.180 ±0.09 16.888 ±0.08 17.652 ±1.04 3.442 ±0.12 3.479 ±0.04 3.007 ±0.07 11.040 ±0.03 2.774 ±0.02 3.933 ±0.09

@saquibkhan
Copy link
Contributor

Did it run using --install-strategy=linked ?

How can we run these perf tests using linked install?

Shouldn't we see performnace improvements here?

no statistically significant performance changes detected

timing results
app-large clean lock-only cache-only cache-only
peer-deps modules-only no-lock no-cache no-modules no-clean no-clean
audit
npm@8 45.880 ±0.32 15.386 ±0.04 14.256 ±0.02 16.496 ±0.75 2.629 ±0.03 2.605 ±0.00 2.118 ±0.01 9.766 ±0.02 2.143 ±0.02 3.398 ±0.33
#6078 46.219 ±2.37 15.230 ±0.00 14.028 ±0.02 16.358 ±0.43 2.633 ±0.02 2.645 ±0.03 2.046 ±0.03 9.808 ±0.10 2.062 ±0.02 3.209 ±0.16
app-medium clean lock-only cache-only cache-only
peer-deps modules-only no-lock no-cache no-modules no-clean no-clean
audit
npm@8 30.844 ±0.85 12.217 ±0.03 11.158 ±0.08 11.776 ±0.12 2.439 ±0.04 2.417 ±0.07 2.207 ±0.02 7.681 ±0.00 2.070 ±0.01 2.930 ±0.05
#6078 28.304 ±2.25 11.875 ±0.13 10.983 ±0.06 11.819 ±0.30 2.393 ±0.02 2.431 ±0.02 2.106 ±0.01 7.511 ±0.01 2.004 ±0.03 2.852 ±0.03

@wraithgar
Copy link
Member

I'm not sure how automated performance tests used to detect regressions could be expected to know about a new flag in a PR and use it? That's not what that test is for.

@saquibkhan
Copy link
Contributor

agree for regression this is good and doing the right thing.

for this specific change we would love to see benchmark and perf suites results with new flag. How can i trigger that?

@fritzy
Copy link
Contributor Author

fritzy commented Jan 24, 2023

@saquibkhan I have a benchmarks branch that will address this.

@fritzy fritzy force-pushed the fritzy/linked-install3 branch from 31aba55 to ea39f75 Compare January 25, 2023 09:46
@bnb
Copy link
Contributor

bnb commented Jan 25, 2023

kermit the frog, excited for this

@wraithgar wraithgar merged commit 8d6d851 into latest Jan 25, 2023
@wraithgar wraithgar deleted the fritzy/linked-install3 branch January 25, 2023 20:47
@github-actions github-actions bot mentioned this pull request Jan 25, 2023
timothybonci pushed a commit to timothybonci/cli that referenced this pull request Feb 3, 2023
Co-authored-by: Vincent Bailly <vibailly@microsoft.com>

Implements the RFC https://github.com/npm/rfcs/blob/main/accepted/0042-isolated-mode.md

Packages are installed in node_modules/.store flat, and linked into the node_modules tree in depth, rather than hoisted.
@aaacafe786
Copy link

I hope this works with workspaces...

Vadman97 pushed a commit to highlight/highlight that referenced this pull request Apr 7, 2023
## Summary

<!--
Ideally, there is an attached GitHub issue that will describe the "why".

If relevant, use this section to call out any additional information
you'd like to _highlight_ to the reviewer.
-->

_This is part of a
[series](#4813) of PRs being
spun off from [my WIP
branch](lewisl9029#2) to get the
Highlight web app ready for [Reflame](https://reflame.app/). Hopefully
this makes things a bit easier to review, test, and merge. 🙂_

There were several places in the frontend codebase where we were
importing from `react-router`, a transitive dependency, instead of
`react-router-dom`, a direct dependency.

This is often referred to as a phantom dependency, and can cause a
number of issues, both in theory and practice:

- We have a rule against importing `useParams` from `react-router-dom`,
but that does nothing to protect against importing `useParams` from
`react-router`. In fact, this was something I [had to
fix](38a02f4#diff-5fd6e69a538cbc878adc5b71eb5d9a6d68cd53d6588689284f4ecd9506343681L49)
as part of this PR.

- Since the versions of transitive deps are not specified explicitly,
they can easily change under our feet without us noticing and
potentially cause us to import a different version than we were
expecting, or can even inexplicably disappear altogether when seemingly
unrelated deps change. The potential for spooky actions at a distance is
greatly exacerbated in a large monorepo like we have here. The Rush.js
folks did a great
[writeup](https://rushjs.io/pages/advanced/phantom_deps/) on the perils
of phathom dependencies, so I won't rehash all the details.

- It's incompatible with stricter package management schemes like pnpm
(and the one used by [Reflame](https://reflame.app/) itself, which was
admittedly my primary motivation for this PR 😅) that don't expose
non-direct dependencies to the resolution algorithm to begin with,
specifically to combat the phantom dependency problem.

All I did to fix this was to search & replace all references of
`'react-router'` to `'react-router-dom'`. And to prevent this specific
issue from happening again, I added `react-router` to our existing list
of restricted imports in eslint. For a more thorough defense against
phantom deps, we'll need to switch to something like pnpm, npm's new
[`linked` install strategy](npm/cli#6078), or
possibly yarn's [pnpm nodeLinker
option](yarnpkg/berry#3338) for a less
disruptive migration (though I have no idea if it does what I think it
does).

## How did you test this change?

<!--
Frontend - Leave a screencast or a screenshot to visually describe the
changes.
-->

I ran `yarn turbo run dev --filter frontend...` locally and poked around
the app.

## Are there any deployment considerations?

<!--
 Backend - Do we need to consider migrations or backfilling data?
-->

None that I can think of.
@slavb18
Copy link

slavb18 commented Apr 11, 2023

Hi!

Could you more deeply explain how works --install-strategy=linked?
Does node_modules/.store in each project contain copy of dependency (e.g. with 10 projects containing same dependency, there will be 10 copies of dependency)

Or there will be shared dependency cache, with links from packages node_modules/.store ?

@iSuslov
Copy link

iSuslov commented Dec 20, 2023

Hey @fritzy, was there any issue with local packages? It doesn't link local package dependencies which seems strange

Update: my packages have different names from their containing folders and it turns out I'm facing existing bug: #6122

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

9 participants