Handed a project that has a composer.json that has all package versions listed as "*" and has no composer.lock file
In the original project, running composer show, tells me all versions of everything installed. Excellent.
Running the project on a different machine, running composer install gets all the latest packages, which breaks the project because major updates mess with everything.
I'd love to know if it's possible to trade out all those "*"'s with caret version numbers utilising composer show --save-dev or something similar. Perhaps only possible by running a script or installing something?
Related
I am attempting to install closed source software from Silego, GreenPAK Designer, on a machine running Fedora 19. The supported installation packages on Silego's Website only target Ubuntu and Debian. I downloaded the .deb package and used Alien to convert to an RPM. So far so good, but a dry run of yum install showed dependency errors, which I solved by installing the necessary packages with yum:
qt5-qbase
qt5-qbase-gui
qt5-qtdeclarative
qt5-qtlocation
qwt
Now, yum installed the above libraries in /usr/lib/ but the GreenPAK RPM defaults to /usr/local/bin as the output dir. I figured I could run
sudo yum localinstall --nodeps --noscripts greenpak-designer-x.x.x.rpm
and get a successful install but I received conflict errors relating to dirs such as '/', '/usr', '/usr/bin' etc. I worked around this issue with:
rpmrebuild -pe --notest-install --replacefiles --noscripts greenpak-designer.x.x.x.rpm
and removing the offending lines in the script. It allowed me to install rpm but the software is broken because of dependency issues (not surprisingly). From the system log:
Jan 4 16:06:49 pelican gnome-session[1729]: /usr/local/greenpak-designer/bin/GP5: error while loading shared libraries: libicui18n.so.52: cannot open shared object file: No such file or directory
The machine has a /usr/lib/libicui18n.so.50
One thing I did not try is rebuilding my shared object cache with ldconfig, which sometimes solves problems with missing .so links when building from source but I don't see how that would apply in this instance (I'm not trying to link object files to libraries, rather simply trying to drop binaries in default install locations, no?)
Of course, I contacted the vendor and begged for an RPM. The contact was helpful but informed me the software folks are on a well deserved break. I thought I'd continue puttering with this in the meantime while I have time.
Any ideas? It seems the solution to this problem would be helpful when trying to install almost any closed source software targeting Debian on a Fedora box.
With the release of npm#5, it will now write a package-lock.json unless a npm-shrinkwrap.json already exists.
I installed npm#5 globally via:
npm install npm#5 -g
And now, if a npm-shrinkwrap.json is found during:
npm install
a warning will be printed:
npm WARN read-shrinkwrap This version of npm
is compatible with lockfileVersion#1,
but npm-shrinkwrap.json was generated for lockfileVersion#0.
I'll try to do my best with it!
So my take-away is that I should replace the shrinkwrap with the package-lock.json.
Yet why is there a new format for it? What can the package-lock.json do that the npm-shrinkwrap.json cannot?
The files have exactly the same content, but there are a handful of differences in how npm handles them, most of which are noted on the docs pages for package-lock.json and npm-shrinkwrap.json:
package-lock.json is never published to npm, whereas npm-shrinkwrap is by default
package-lock.json files that are not in the top-level package are ignored, but shrinkwrap files belonging to dependencies are respected
npm-shrinkwrap.json is backwards-compatible with npm versions 2, 3, and 4, whereas package-lock.json is only recognized by npm 5+
You can convert an existing package-lock.json to an npm-shrinkwrap.json by running npm shrinkwrap.
Thus:
If you are not publishing your package to npm, the choice between these two files is of little consequence. You may wish to use package-lock.json because it is the default and its name is clearer to npm beginners; alternatively, you may wish to use npm-shrinkwrap.json for backwards compatibility with npm 2-4 if it is difficult for you to ensure everyone on your development team is on npm 5+. (Note that npm 5 was released on 25th May 2017; backwards compatibility will become less and less important the further we get from that date, as most people will eventually upgrade.)
If you are publishing your package to npm, you have a choice between:
using a package-lock.json to record exactly which versions of dependencies you installed, but allowing people installing your package to use any version of the dependencies that is compatible with the version ranges dictated by your package.json, or
using an npm-shrinkwrap.json to guarantee that everyone who installs your package gets exactly the same version of all dependencies
The official view described in the docs is that option 1 should be used for libraries (presumably in order to reduce the amount of package duplication caused when lots of a package's dependencies all depend on slightly different versions of the same secondary dependency), but that option 2 might be reasonable for executables that are going to be installed globally.
Explanation from NPM Developer:
The idea is definitely for package-lock.json to be the Latest and
Greatest in shrinkwrap technology, and npm-shrinkwrap.json to be
reserved for those precious few folks out there who care very much
about their libraries having an exact node_modules -- and for people
who want CI using npm#>=2 to install a particular tree without having
to bump its npm version.
The new lockfile ("package-lock.json") shares basically all of the
same code, the exact same format as npm-shrinkwrap (you can rename
them between one another!). It's also something the community seems to
understand: "it has a lockfile" seems to click so much faster with
people. Finally, having a new file meant that we could have relatively
low-risk backwards-compat with shrinkwrap without having to do weird
things like allow-publication mentioned in the parent post.
I think the idea was to have --save and shrinkwrap happen by default but avoid any potential issues with a shrinkwrap happening where it wasn't wanted. So, they just gave it a new file name to avoid any conflicts. Someone from npm explained it more thoroughly here:
https://www.reddit.com/r/javascript/comments/6dgnnq/npm_v500_released_save_by_default_lockfile_better/di3mjuk/
The relevant quote:
npm publishes most files in your source directory by default, and
people have been publishing shrinkwraps for years. We didn't want to
break compatibility. With --save and shrinkwrap by default, there was
a great risk of it accidentally making it in and propagating through
the registry, and basically render our ability to update deps and
dedupe... null.
So we chose a new name. And we chose a new name kind of all of a
sudden. The new lockfile shares basically all of the same code, the
exact same format
package-lock.json versions are guaranteed with only npm ci (since npm install overwrites package-lock.json if there is a conflict with package.json).
npm-shrinkwrap.json versions are guaranteed with both npm ci and npm install.
I'm having trouble with electron-compile.
The docs state
How does it work? (Easiest Way)
Change your reference to electron-prebuilt to electron-prebuilt-compile. Tada! You did it.
What reference, where? You can't be talking about package.json?
I've always run electron using supervisor -x "electron" -i "./" .
What am I completely missing / what should be the contents of my pull request to make this clearer?
I've installed electron-compile with npm i electron-compile --save-dev
I'd like to have es2015/jsx precompiled to es5, so that I can run a react application in electron. electron-compile appears to solve this problem.
You should install Electron as a dev reference in package.json, yes:
npm install --save-dev electron-prebuilt-compile
Don't install Electron as a global because then other people have to set stuff up to run your app (i.e. they now have to micromanage which version of Electron they have installed globally)
With the recent versions (electron 1.3.5), I was unable to get electron-prebuilt-compile working, well it works for development but packaging for production has no real working examples.
It seems the compiling and packaging needs to be done manually, so in case anyone needs a working example, it's here. Hope to save someone some time and pain.
Recently I deployed some projects like trntv/yii2-starter-kit and so on.but all applications are publishing assets on '#vendor/bower' instead of'#vendor/bower/bower-asset'. I have read the question Yii2 Composer manage package in bower and bower-vendor and solved it . but I still feel confused about the directory vendor/bower/bower-asset.
What's the part does bower/bower-asset play in php application? it is not a composer package but many theme store in there. Furthermore, bower is a dependency management for javascript just like Composer for PHP , but how does it solve dependency for js package by PHP on this occasion that I have not install node.js environment?
The idea of Composer Asset Plugin is to download Bower / NPM packages and manage their dependencies without having Node JS, Bower and NPM installed (through PHP / Composer). Also it adds possibility to add JavaScript dependencies for PHP packages that use JavaScript libraries.
See for example yii2-bootstrap Yii2 extension (PHP) has a dependency on Bootstrap (JS + CSS):
"bower-asset/bootstrap": "3.3.* | 3.2.* | 3.1.*"
When you run composer install or composer update, all JS dependencies will be installed to vendor/bower folder.
This is built into the core, but very ambiguous, receives a lot of criticism and there are plans to remove it in 2.1.0 (as far as I remember, it was included before release of 2.0 even it was unstable). Unfortunately this is required and there is no normal way to disable it.
You can read more info on the extension's Github page.
As for folder name, it should be named bower, not bower-asset, if you installed everything correctly.
It's named like so automatically, make sure you have the latest version of plugin:
composer global require "fxp/composer-asset-plugin:~1.1.1"
I'd recommend to even switch to:
composer global require "fxp/composer-asset-plugin:*"
If you have problems or errors, execute:
composer global remove "fxp/composer-asset-plugin"
Then reinstall it again, delete vendor and composer.lock in your application folder and run:
composer install
I have a Gulpfile.js in Visual Studio 2015 RC with a single default task. For some reason it is not showing up in the Task Runner Explorer.
I had added gulp to the devDependencies in my package.json file and saved it.
I was also facing the same issue. Just restarted Visual Studio after adding the tasks to gulpfile.js and my problem was solved. All tasks were listed.
In the release candidate, editing the devDependencies in package.json and then saving does not result in the packages being automatically restored/added to the project as I had expected. After saving package.json the packages were listed under NPM in the Dependencies node in Solution explorer, but with a caption "not installed" next to the package names. Manually invoking Restore Packages, as shown in the screenshot, causes Visual Studio to install the pacakges.
After the node modules had been installed the gulp tasks were detected by the Task Runner Explorer.
I hope this helps someone else.
For me, Visual Studio crashed while installing the npm modules and it caused corruption in the npm cache.
I had to clean the cache, delete node_modules, and install again.
Close Visual Studio
Open node command prompt
cd [PROJECT_DIR]
npm cache clean
rimraf node_modules
This will delete the node_modules folder when windows fails because of deep nested paths
To install rimraf:
npm install rimraf -g
npm install
Now, open Visual Studio and it should work.
Answer taken from another question about gulp, but this worked for me
I had the same problem migrating from VS2013 recently. As Josh noted in his comment here Visual Studio 2015 ships with an older version of node. In case you don't want to get stuck with whatever version of node is built into Visual Studio, you can tell it to use the version you have already installed. Go to Tools > Options > Projects and Solutions > External Web Tools and reorder locations so that $(PATH) is above $(DevEnvDir)\Extensions\Microsoft\Web Tools\External. This also applies to other tools like Grunt, Bower and Gulp.
This is old question but same issue could be faced by VS 2017 users.
I was facing same issue in VS 2017 and mistakenly, I had added gulpfile.js in the sub folder.
Make sure gulpfile.js is in the root folder.
gulpfile should be in root folder
I had the same problem and no-one of suggested method works for me.
After re-installing NPM Task Runner the problem gone away.
You can download latest NPM Task Runner from marketplace in following link.
https://marketplace.visualstudio.com/items?itemName=MadsKristensen.NPMTaskRunner