Yarn 2: Difference between Zero Installs and normal install?


About Zero Installs, the Yarn 2 documentation says:

While not a feature in itself, the term "Zero Install" encompasses a lot of Yarn features tailored around one specific goal - to make your projects as stable and fast as possible by removing the main source of entropy from the equation: Yarn itself. [...]

I read the whole story but did not fully understand it.

What is the difference between a Yarn 2 Zero Install and a normal Yarn 2 install?

The difference is that with a normal Yarn install you don't need to commit node_modules (all the dependencies), whereas with Zero Installs you have to commit all the dependencies.

This of course reduces your dependence on the remote repository, but it comes with more responsibility, as the documentation notes:

Note that, by design, this setup requires that you trust people modifying your repository. In particular, projects accepting PRs from external users will have to be careful that the PRs affecting the package archives are legit (since it would otherwise be possible to a malicious user to send a PR for a new dependency after having altered its archive content).

All in all, Zero Installs is a great feature. It solves the "I cloned/switched branch and now a dependency is missing" problem, significantly speeds up CI, and reduces our dependence on the local npm registry.
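As an added example (not from the original answer or from the Yarn project), a POSIX shell guard for the review concern quoted above: it flags pull requests that touch the committed cache or Yarn's own bundled files, and lets `yarn install` re-verify every archive against yarn.lock. The path list and the `--immutable`, `--immutable-cache` and `--check-cache` flags are taken from Yarn 2's CLI; the git refs and file names are constructed.

```shell
#!/usr/bin/env sh
# Added example (not from the original post or from Yarn's own tooling).
# CI guard for a Zero-Install repository: surface changes to committed Yarn
# artefacts for human review, and let Yarn re-verify the committed cache.
# Assumes Yarn 2+ (berry) and a git checkout with a base ref to diff against.

# Paths a PR should not change unreviewed: they are executed or unpacked on
# every install, so an altered archive here runs on every developer machine.
SENSITIVE_PREFIXES=".yarn/cache/ .yarn/releases/ .yarn/plugins/ .pnp.cjs .yarnrc.yml"

# classify_changes: reads changed paths (one per line) on stdin and prints
# those under a sensitive prefix. Returns 0 if any were found, 1 otherwise.
classify_changes() {
    found=1
    while IFS= read -r path; do
        [ -z "$path" ] && continue
        for prefix in $SENSITIVE_PREFIXES; do
            case "$path" in
                "$prefix"*) printf '%s\n' "$path"; found=0; break ;;
            esac
        done
    done
    return $found
}

# review_required BASE HEAD: returns 0 when the commit range touches any of
# the committed Yarn artefacts listed above.
review_required() {
    git diff --name-only "$1" "$2" | classify_changes >/dev/null
}

# verify_cache: make Yarn refetch each package and compare its checksum with
# yarn.lock (--check-cache); --immutable rejects lockfile changes and
# --immutable-cache rejects any change to .yarn/cache during the install.
verify_cache() {
    yarn install --immutable --immutable-cache --check-cache
}

# Example CI entry point (constructed refs):
#   if review_required origin/main HEAD; then echo "needs maintainer review"; fi
#   verify_cache
```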