Dependency caching is a good practice about nodebestpractices HOT 14 CLOSED

@samrocketman just to clarify - I feel that it's the right thing to do, just need help in distilling the essence of it

from nodebestpractices.

@samrocketman Welcome! Great idea.

Only having thoughts if today, when unpublish is not allowed anymore and npm-registry is a bit more reliable + yarn + shrinkpack as an alternative, not sure how critical it is. But definitely has a value + better performance for developers/ci/cd

Maybe we should pack into this other benefits of professional artifacts management? what other benefits does nexus/artifactory brign to the table?

from nodebestpractices.

I tend to insulate critical processes from the internet as much as possible. Artifact repositories have other benefits (depending on your infrastructure) but my best practice recommendation is focused on dependency caching. Feel free to close this issue if you don't want to include this recommendation.

Dependency caching applies to all where as other benefits are typically good for some and not others.

from nodebestpractices.

@samrocketman I just want to discuss and clarify what exactly we recommend. 'Isolate critical process from the internet' is pretty debatable in the age of cloud computing: most of the CI/CD vendors (critical process) are on the internet, the run-time itself is on the internet cloud.

So it this more about the speed, resiliency (prevent downtime), untrust small vendors (NPM inc < AWS)?

from nodebestpractices.

I understand. After rereading my response it looks a bit terse. That was not my intent. I work a lot with running Nexus as a dockerized service so perhaps I could update my code to reflect my existing practices. So one has a quick example in which to docker-compose up.

ref: https://github.com/samrocketman/nexus3-ssl

from nodebestpractices.

@samrocketman I think it's a great idea for a new practice.

I would only restrict in the explanation text that it mostly fits big project that constitutes frequent npm installations in production (scaling-out, rolling version) and repository downtime cannot be tolerable

would you like to write and PR your idea?

from nodebestpractices.

Hello there! 👋
This issue has gone silent. Eerily silent. ⏳
We currently close issues after 100 days of inactivity. It has been 90 days since the last update here.
If needed, you can keep it open by replying here.
Thanks for being a part of the Node.js Best Practices community! 💚

from nodebestpractices.

I would like this re-opened. I forgot about it. If you can, please assign this to me and I will contribute a PR.

from nodebestpractices.

@i0natan ping for visibility

from nodebestpractices.

@samrocketman Great to have you back man.

I'm thinking out loud whether this item is not too niche, npm registry downtime is still rare. Maybe include other reasons to use an artifact manager? what are artifactory/nexus selling points?

from nodebestpractices.

Several years ago my company was unaffected by the unpublished leftpad library.

The goal is simple, to make a delivery pipeline as reliable and repeatable as possible.

In our multi-language projects we proxy dependencies not just for NodeJS but for every language stack being used.

from nodebestpractices.

@samrocketman Yes, it's a good practice that might once in a few years prevent deployments block. To my personal judgement, we should keep the guide focused on risks with almost immediate impact. Given this, I suggest to put it as a paragraph within 5.16. (atomic deployments) but not a separate bullet. Does this resonate with you?

from nodebestpractices.

I guess I’m just struggling to relay the value it brings to me. In practice, once in a few years is not my experience.

It’s good to mention it in atomic deployments. Not all organizations need it.

from nodebestpractices.

In practice, once in a few years is not my experience

Did you face a more frequent npm downtimes?

from nodebestpractices.