Multiple versions of the same package in the yarn.lock file

Time: 2019-02-25 21:37:40

Tags: javascript webpack yarnpkg

For example, I see 3 different versions of one package in yarn.lock:

angular@1.6:
  version "1.6.10"
  resolved "https://registry.yarnpkg.com/angular/-/angular-1.6.10.tgz#eed3080a34d29d0f681ff119b18ce294e3f74826"
  integrity sha512-PCZ5/hVdvPQiYyH0VwsPjrErPHRcITnaXxhksceOXgtJeesKHLA7KDu4X/yvcAi+1zdGgGF+9pDxkJvghXI9Wg==

angular@>=1.4.0, angular@^1.0.8:
  version "1.7.7"
  resolved "https://registry.yarnpkg.com/angular/-/angular-1.7.7.tgz#26bd87693deadcbd5944610a7a0463fc79a18803"
  integrity sha512-MH3JEGd8y/EkNCKJ8EV6Ch0j9X0rZTta/QVIDpBWaIdfh85/e5KO8+ZKgvWIb02MQuiS20pDFmMFlv4ZaLcLWg==

angular@~1.2.0:
  version "1.2.32"
  resolved "https://registry.yarnpkg.com/angular/-/angular-1.2.32.tgz#df52625a5167919931418dda3a9208b9f5fa3db4"
  integrity sha1-31JiWlFnkZkxQY3aOpIIufX6PbQ=

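Does this mean the final bundle contains all of them, or otherwise how does webpack know which version to pick? What is the community best practice for solving this? I know about the --flat option, but with thousands of packages it would take me a while to choose one for each.

2 answers:

Answer 0: (score: 1)

To investigate how many times a dependency is installed and which packages depend on it, run: yarn why <package-name>

See whether you can upgrade (or downgrade) some packages so that all dependencies in your packages use the same version of angular.

For example: yarn why execa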

yarn why v1.22.5
[1/4] ?  Why do we have the module "execa"...?
[2/4] ?  Initialising dependency graph...
[3/4] ?  Finding dependency...
[4/4] ?  Calculating file sizes...
=> Found "execa@4.0.3"
info Has been hoisted to "execa"
info Reasons this module exists
   - "workspace-aggregator-c3b3be41-6d00-4635-98a6-d5373b215152" depends on it
   - Specified in "devDependencies"
   - Hoisted from "_project_#pretty-quick#execa"
   - Hoisted from "_project_#@tahini#nc#execa"
   - Hoisted from "_project_#execa"
   - Hoisted from "_project_#jest#@jest#core#jest-changed-files#execa"
info Disk size without dependencies: "136KB"
info Disk size with unique dependencies: "520KB"
info Disk size with transitive dependencies: "736KB"
info Number of shared dependencies: 19
=> Found "lint-staged#execa@2.1.0"
info This module exists because "_project_#lint-staged" depends on it.
info Disk size without dependencies: "76KB"
info Disk size with unique dependencies: "400KB"
info Disk size with transitive dependencies: "616KB"
info Number of shared dependencies: 19
=> Found "sane#execa@1.0.0"
info This module exists because "_project_#jest-haste-map#sane" depends on it.
info Disk size without dependencies: "40KB"
info Disk size with unique dependencies: "328KB"
info Disk size with transitive dependencies: "524KB"
info Number of shared dependencies: 16
=> Found "create-folder-structure#execa@2.1.0"
info Reasons this module exists
   - "_project_#create-folder-structure#pretty-quick" depends on it
   - Hoisted from "_project_#create-folder-structure#pretty-quick#execa"
info Disk size without dependencies: "76KB"
info Disk size with unique dependencies: "400KB"
info Disk size with transitive dependencies: "616KB"
info Number of shared dependencies: 19
=> Found "term-size#execa@0.7.0"
info This module exists because "_project_#nodemon#update-notifier#boxen#term-size" depends on it.
info Disk size without dependencies: "36KB"
info Disk size with unique dependencies: "324KB"
info Disk size with transitive dependencies: "520KB"
info Number of shared dependencies: 16

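Note:

  • Sometimes this is caused by dev dependencies.

Answer 1: (score: 0)

As the other answer mentioned, these extra versions may be due to dev dependencies and may not actually end up in the JS bundle you ship. I suggest using a bundle analyzer to make sure your app ships only a single version of any large module (such as angular).

Another thing to note is that yarn v1.x does not aggressively optimize and deduplicate module versions. If you want the smallest number of packages in your yarn.lock file, you need to run the utility npm module yarn-deduplicate right after adding or upgrading yarn packages, i.e.: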

npm install -g yarn-deduplicate
yarn-deduplicate yarn.lock

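This utility analyzes and optimizes the yarn.lock file so that all version dependencies are satisfied by the smallest set of modules. In the example above, running yarn-deduplicate yarn.lock might merge the first 2 angular versions in yarn.lock into one version: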

angular@>=1.4.0, angular@^1.0.8, angular@1.6:
  version "1.6.10"
  resolved "https://registry.yarnpkg.com/angular/-/angular-1.6.10.tgz#eed3080a34d29d0f681ff119b18ce294e3f74826"
  integrity sha512-PCZ5/hVdvPQiYyH0VwsPjrErPHRcITnaXxhksceOXgtJeesKHLA7KDu4X/yvcAi+1zdGgGF+9pDxkJvghXI9Wg==

This optimization/deduplication is built into yarn v2.x, so I recommend upgrading yarn so you don't have to worry about this problem in your project.
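
To list every package that a yarn v1 lockfile resolves to more than one version (the situation in the question) without running yarn why one package at a time, a script along these lines can help. It is an added example, not part of the original answers; the function names parseYarnLock and findDuplicates are hypothetical, the sample input is constructed from the question's entries, and it assumes the yarn v1 lockfile layout shown above.

```javascript
// Added example: minimal reader for yarn v1 lockfile entries, not a full parser.
function parseYarnLock(text) {
  const entries = [];
  let current = null;
  for (const line of text.split(/\r?\n/)) {
    if (!line.trim() || line.startsWith('#')) continue;
    if (!/^\s/.test(line) && line.endsWith(':')) {
      // Unindented header: comma-separated "name@range" specifiers.
      const specs = line.slice(0, -1).split(',').map((s) => s.trim().replace(/^"|"$/g, ''));
      // Search from index 1 so a scoped name such as "@scope/pkg" keeps its leading "@".
      const name = specs[0].slice(0, specs[0].indexOf('@', 1));
      current = { name, specs, version: null };
      entries.push(current);
    } else if (current) {
      // Only the entry's own two-space-indented version field, not nested dependency lines.
      const m = line.match(/^ {2}version "([^"]+)"/);
      if (m) current.version = m[1];
    }
  }
  return entries;
}

// Group entries by package name; keep only names resolved to more than one version.
function findDuplicates(entries) {
  const byName = new Map();
  for (const e of entries) {
    if (!byName.has(e.name)) byName.set(e.name, {});
    const versions = byName.get(e.name);
    versions[e.version] = (versions[e.version] || []).concat(e.specs);
  }
  const dupes = {};
  for (const [name, versions] of byName) {
    if (Object.keys(versions).length > 1) dupes[name] = versions;
  }
  return dupes;
}

// Constructed sample: the question's three angular entries (resolved/integrity
// lines omitted) plus a hypothetical scoped package with a single version.
const SAMPLE = `
angular@1.6:
  version "1.6.10"
angular@>=1.4.0, angular@^1.0.8:
  version "1.7.7"
angular@~1.2.0:
  version "1.2.32"
"@example/scoped-pkg@^1.0.0":
  version "1.0.0"
`;
console.log(JSON.stringify(findDuplicates(parseYarnLock(SAMPLE)), null, 2));
```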