Skip to content
This repository was archived by the owner on Sep 6, 2021. It is now read-only.
This repository was archived by the owner on Sep 6, 2021. It is now read-only.

Unifying third-party dependency management (through npm) #12006

@petetnt

Description

@petetnt

The issue

Currently there are at least four different ways managing third-party dependencies in the Brackets core:

  1. Git submodules
  2. node_modules committed into the folders themselves
  3. Plain dumps of the files
  4. devDependencies for Brackets itself:

and so on. Obviously every method has it's merits, for example in #11726 (comment) we had discussion on the merits of having submodules.

But let's take @busykai's comment on the merits of having submodules in that issue:

@zaggino, if you don't have a fork you never have a space to maneuver. If I remember correctly, we needed a modified version of CodeMirror on numerous occasions. jslint is another example. If you're using an npm version (i.e. a publicly distributed version) -- you're stuck. By stuck I mean if you fix it in the dependency upstream, you have to wait for 1) your contribution to be reviewed and accepted; 2) new package to be promoted and published. Logistically, it does not make any sense to wait for any of that. I don't know why would you assume it would never happen, it happened many times now.

Nowadays you can install npm install from any repo, from any branch, from any commit, from a tarball, pretty much from everywhere. You don't have to wait for an upstream fix if you don't want to, just push your fork to your own repo and change the dependency in package.json. When the upstream fix is ready, you can just change the dependency back and run npm install again. Sometimes you have to cherry pick commits or parts of them, and that's fine too. But hiding the third party dependencies to subfolders under subfolders easily lead (in my opinion) to heavily outdated dependencies and code rot. Just look at the current JSLint fork under https://github.com/adobe/brackets/tree/master/src/extensions/default/JSLint/thirdparty

This branch is 1 commit ahead, 223 commits behind douglascrockford:master

Which then leads into issues such as #12000. Who knows at what versions are the other dependencies at? At least I don't know, I assume fairly recent but I cannot be sure: hell, I cannot be sure what Brackets depends on without going through all the folders searching for node_modules, thirdparty folders, ´thirdparty-foo.js` files...

Proposed solution

Plain and simple: picking the de-facto way and running with it: managing all the core dependencies of Brackets through npm.

Potential problems / drawbacks of handling everything through npm

Handling all the dependencies through npm does have some small drawbacks that I can think of:

Increased maintenance cost

The maintenance cost of Brackets core can potentially increase if the dependencies are constantly kept up-to-date: this of course applies to other ways of maintaining the thirdparty deps too, but the simplicity of actually maintaining the dependencies might actually encourage people keep them up-to-date, which could increase the said cost.

There might be some potential conflicts if some of the extensions / core features use different versions of the same dependencies to boot.

Increased amount of third party files

This mostly applies to the few examples where the actual third party files are just dumped into the folders, but this is mostly a non-issue, as most of the files are already submodules or fully committed node_modules anyway.

Potential problems with different npm versions

Something could be borked with npm@2 that's fixed with npm@3

Summary of the benefits

Then consider the benefits:

  • Having all the current dependencies in one place
  • Unifying the way of introducing new third party dependencies (and removing unneeded once)
  • A lot smaller initial size of the repo
  • Simplifying the hacking process to git clone url/to/brackets && npm install
  • Not having to deal with with submodules (I once again had issues with them with Porting tern analysis of JS code to Node. #11948 when the submodule paths had changed)

npm@3 has neat deduping capabilities and flat tree methology, which also removes many pains from Windows users (see: #11988 (comment) and #11988 (comment))

Obviously this would need some of initial work but in the end would be totally worth it. Opinions?

Metadata

Metadata

Assignees

No one assigned

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions