0

I have an Angular-Application, which I would like to bundle within a jar-File (containing the Back-End), using an Ant-script.
This Ant-script should install/update the dependencies (using npm) and then build the application using Angular CLI.
It will be used by multiple developers on multiple environments and not all of the developers have to deal with Front-End, so the requirements should be as low as possible.
Idealy only NodeJS needs to be installed on all the PCs.
Therefore the Ant-script has to make sure, that all the dependencies are installed and up to date, before building the web-page.
Now I can think of multiple ways for doing this, however I am not sure which one is the best and the most stable way:

  1. Delete node_modules folder and reinstall all modules using npm install.
    This is probably save, but slow, as an Angular-Applications have tons of dependencies to download.
  2. Use npm install, without deleting the node_modules first.
    This will be faster but some libraries (for example Angular CLI) suggest to do a clean install when updating.
  3. Use npm update. This way the dependencies would not only be installed, but also updated to match the latest possible version (^ or ~ will affect update).

At the moment I use npm install, if node_modules-folder does not exist and npm update otherwise.
The main problem is, that npm update might change the package.lock.json, which is versioned (as sugested by npm documentation) and it led to merge conflicts.

So basicly I am looking for a way to install all the needed dependencies (only NodeJS is a requirement for all developers) inside the build-script, without touching versioned files.

Robert P
  • 9,398
  • 10
  • 58
  • 100

2 Answers2

0

Option #1 is the way to go. You should only have your package.json file with all the dependencies that your project has. No need and really it's just way to have to include node_modules.

Nimrod P.
  • 150
  • 5
  • But using this method, every build has to install all the dependencies, even if they did not change since last install. So the build-process would slow down by a few minutes. – Robert P Dec 07 '17 at 16:10
  • How do you mean the lightest? The #2 Option would only install dependencies, if they are not yet installed (cause of the last build). The `node_modules` would never be included in source control if that is waht you mean. – Robert P Dec 07 '17 at 16:13
  • But then he would have to carry the node_modules inside his repository, which is a big no-no. – Nimrod P. Dec 07 '17 at 16:14
  • consider using yarn, This caches the packages locally and will copy from the cache every subsequent install if needed. Although the newer version of npm (5) does this to some degree it is nowhere near as quick as yarn in my experiences – Steverob2k Dec 07 '17 at 16:36
  • The `node_modules` would never be in the repository, just on the local PCs of the developers, who run the build-script. As they don't need to deal with it, this is not a problem (disk space shouldn't be an issue). – Robert P Dec 07 '17 at 16:38
0

It seems like npm ci (named after Continuous Integration) is the way to go here.
npm ci makes a clean install using the locked dependencies form package-lock.json and checks if they match with the dependencies in package.json. So it doesn't write to the package-lock.json, the installation seems to be a little faster as npm install, as it knows the exact version to install while npm install has to search for the exact version.
A good summary of the differences can be fond here

Robert P
  • 9,398
  • 10
  • 58
  • 100