Original URL: http://stackoverflow.com/questions/40025890/
Warning: these are provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me): StackOverFlow
Why wouldn't I use npm to install yarn?
Asked by chrisarnesen
In the blog post announcing yarn (an alternative npm client) they say, "The easiest way to get started is to run npm install -g yarn". But if you go to the "install yarn" page in their docs, "npm install yarn" isn't listed on any of the platform-specific installation pages, and it's only offered as the third of three options on the "Alternatives" page. Furthermore, when you npm install yarn it prints a deprecation warning, "It is recommended to install Yarn using the native installation method for your environment." So my question is: if npm install is the easiest installation method, why isn't it a recommended method in their docs? Are there disadvantages to installing yarn using npm?
Answer by Mike Hill
According to the Yarn project maintainers, installing Yarn via npm goes against the goals of the project, can cause issues, and is, in general, worse than platform-specific installation methods.
Advantages to recommended platform-specific installation:
- The Yarn team regards npm as insecure and unreliable. From the "Install via npm" section on Yarn's "Installation" page:
    Note: Installation of Yarn via npm is generally not recommended. Installing Yarn with npm is non-deterministic, the package is not signed, and the only integrity check performed is a basic SHA1 hash, which is a security risk when installing system-wide apps.
    For these reasons, it is highly recommended that you install Yarn through the installation method best suited to your operating system.
- Running Yarn, which is a separate package manager utility, via npm can lead to edge-case issues (see issue 2072)
- Installing via a system package manager decouples Yarn from npm, allowing you to run Yarn without npm
- The system package manager typically runs regularly, keeping Yarn updated
- Installing Yarn via npm is slow
Advantages to npm install -g yarn:
- Quick and easy (npm install -g yarn)
- Can be done in any npm environment (platform-agnostic)
- Familiar paradigm and process for Node.js developers
- Can be easily updated (npm update -g yarn)
  - A Yarn update command exists (yarn self-update) but it seems to be broken
- No dependence on system package managers
- Can use different versions of Yarn for different projects or different versions of Node.js via nvm
The system package manager arguments for the recommended installation tend to break down when referring to Windows, where there is no official package manager (unless you count Windows Update). Also, Windows package managers such as Chocolatey are often not configured for automatic updates.
I'm not sure that I fully agree with the Yarn team's decision on this, but they do make some fair points. The Yarn project is still young and if it is to become a replacement for npm then it wouldn't make sense to encourage npm as its primary installer.
Regardless, installations via npm seem to work just fine for now in most cases.
Sources:
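Added example (not part of the original answer, and not Yarn's or npm's own code): the "only a basic SHA1 hash" concern from the quoted note, shown as a verifier that checks a downloaded tarball against a registry `dist` record and refuses when SHA-1 is the strongest digest on offer. The `dist.shasum` (hex SHA-1) and `dist.integrity` (SRI string) field names follow npm registry metadata; the function names, the `minAlgo` policy and the sample bytes are constructed for illustration.

```javascript
const crypto = require('node:crypto');

// Digest ranking; SHA-1 is listed only so it can be recognised and refused.
const STRENGTH = { sha1: 1, sha256: 2, sha384: 3, sha512: 4 };

// Turn a registry "dist" object into a list of { algo, digest (base64) } claims.
function collectClaims(dist) {
  const claims = [];
  if (dist.shasum) { // legacy field: hex-encoded SHA-1
    claims.push({ algo: 'sha1', digest: Buffer.from(dist.shasum, 'hex').toString('base64') });
  }
  for (const entry of (dist.integrity || '').split(/\s+/).filter(Boolean)) {
    const m = /^(sha\d+)-([A-Za-z0-9+/=]+)$/.exec(entry); // SRI form: algo-base64
    if (m && STRENGTH[m[1]]) claims.push({ algo: m[1], digest: m[2] });
  }
  return claims;
}

// Verify tarball bytes against the strongest claim; refuse if it is weaker than minAlgo.
function verifyTarball(tarball, dist, minAlgo = 'sha256') {
  const claims = collectClaims(dist).sort((a, b) => STRENGTH[b.algo] - STRENGTH[a.algo]);
  if (claims.length === 0) return { ok: false, reason: 'no-digest' };
  const best = claims[0];
  if (STRENGTH[best.algo] < STRENGTH[minAlgo]) {
    return { ok: false, reason: 'weak-digest-only', algo: best.algo };
  }
  const actual = crypto.createHash(best.algo).update(tarball).digest();
  const expected = Buffer.from(best.digest, 'base64');
  const match = actual.length === expected.length && crypto.timingSafeEqual(actual, expected);
  return { ok: match, reason: match ? 'verified' : 'mismatch', algo: best.algo };
}

// Constructed sample: stand-in bytes for a package tarball and two metadata records.
const tarball = Buffer.from('constructed stand-in for a package tarball');
const sha1Only = { shasum: crypto.createHash('sha1').update(tarball).digest('hex') };
const withSri = {
  ...sha1Only,
  integrity: 'sha512-' + crypto.createHash('sha512').update(tarball).digest('base64'),
};

console.log(verifyTarball(tarball, sha1Only)); // refused: SHA-1 is the only digest
console.log(verifyTarball(tarball, withSri));  // checked against the sha512 claim
console.log(verifyTarball(Buffer.concat([tarball, Buffer.from('!')]), withSri)); // altered bytes
```

A digest taken from the same registry response as the tarball only detects corruption or substitution of the file relative to that metadata; it does not stand in for a publisher signature, which is the other gap the quoted note names.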
Answer by nikjohn
There's no visible disadvantage to installing Yarn through npm. In fact I chose this method myself because of a few reasons:
- It's clearly the easiest way to do it. npm i --global yarn and you can literally replace npm with yarn on your console immediately.
- If you're using nvm and maintaining different code projects on each NodeJS version, then you can install Yarn on one version and not have it on the other
- Honestly, the only reason I can think of that it is not mentioned in the Platform Specific installs, is that npm is platform agnostic
Answer by Mario Tacke
Because npm is not platform specific and runs on almost any system, it is listed as an Alternative. There is no advantage or disadvantage over the platform specific installs. The difference would be the install location, but all methods expose the global yarn command to your CLI.
I would argue they listed it as "the easiest way" because most people are already very familiar with npm.

