Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Enforcing shared dependencies in a monorepo

We have a monorepo using lerna and yarn workspaces. Multiple teams contribute packages to it and there are some common dependencies where we want to force people to use the same version.

What are the options to force all packages to use the same version of specific dependencies? Is there a way to achieve that without writing custom scripts?

I want to prevent this situation:

my-repo/
  packages/
    pkg-A/
      package.json
        "address-validator": 1.1.0
    pkg-B/
      package.json
        "address-validator": 1.2.0

I know you can use lerna add or lerna run to add / upgrade in unison, but how to prevent an individual from unknowingly making their package unique?

like image 256
adanilev Avatar asked Mar 01 '19 00:03

adanilev


People also ask

How do you manage monorepo?

Maintain branch hygiene. Keep branches small, consider adopting trunk-based development. Use pinned dependencies for every project. Upgrade dependencies all at once, force every project to keep up with the dependencies.

Is a monorepo a good idea?

A monorepo removes barriers and silos between teams, making it easier to design and maintain sets of microservices that work well together. Standardization. With monorepos, it is easier to standardize code and tooling across the teams.

Is Facebook a monorepo?

Google, Facebook, Microsoft, Uber, Airbnb, and Twitter all employ very large monorepos with varying strategies to scale build systems and version control software with a large volume of code and daily changes.

What is monorepo lerna?

Lerna is a tool for managing JavaScript projects with multiple packages. Lerna manages monorepos, which can hold projects containing multiple packages within itself. Monorepos can be challenging to manage because sequential builds and publishing individual packages take a long time.

How do I reuse a shared package in monorepo?

Re-use code with shared packages while still keeping them isolated. Monorepo allows you to reuse your packages from other packages while keeping them isolated from one another. You can use a reference to the remote package and consume them via a single entry point. To use the local version, you are able to use local symlinks.

What are the disadvantages of using monorepo?

Monorepo Disadvantages: No way to restrict access only to some parts of the app. Poor Git performance when working on large-scale projects. Higher build time.

What is monorepo and how to use it?

Monorepo allows you to reuse your packages from other packages while keeping them isolated from one another. You can use a reference to the remote package and consume them via a single entry point. To use the local version, you are able to use local symlinks.

Does yarn support monorepos?

Yarn initially is a dependency manager for NPM packages, which was not initially built to support monorepos. But in version 1.0, Yarn developers released a feature called Workspaces. At release time, it wasn’t that stable, but after a while, it became usable for production projects.


1 Answers

I just noticed one nice solution to this problem in facebook's create-react-app. They import (all?) external dependencies in the react-dev-utils package and export them from there. Then all the other packages, like react-scripts, import dependencies from react-dev-utils.

This is nice because you only need to worry about using the latest version of one package (e.g. react-dev-utils) in order to use the latest version of all of the things you want to control. Also, it's flexible because you can override one of the dependencies by importing a different version directly.

So it could look like:

my-repo/
  packages/
    my-deps/
      pkg1.js // <--- module.exports = require("pkg1");
      package.json
        "pkg1": 1.2.0
    foo/
      index.js // <--- const pkg1 = require("my-deps/pkg1")
      package.json
        "my-deps": 1.1.0
like image 62
adanilev Avatar answered Oct 19 '22 10:10

adanilev