Support npm

[monshi]

Notion support for npm in toolchain same as yarn.

• Download the matching version of npm based on toolchain config in package.json
• Download the latest version of npm according to https://registry.npmjs.org/npm/latest
• npm shim executable

Open question: should we use npm version that is bundled with node.js by default? for instance, if I use [email protected] in my toolchain I'd get [email protected] by default, however, I can change that by pinning a different version in toolchain config.

[dherman]

We talked about this yesterday—here's a summary of what I suggested for the first level of support:

• For now, just let the default be that you get the npm that comes bundled with the distro of Node you're using.
• If your "toolchain" specifies "npm": true, then Yarn should be disabled by default (that is, executing yarn should give an error).
• If your "toolchain" specifies "yarn": $version and "npm": true, then both Yarn and npm should work.
• If your "toolchain" specifies "yarn": $version and doesn't specify "npm": true, then Yarn should work but executing npm should give an error.
• Maybe go ahead and recognize "npm": false and "yarn": false as well, as a way of explicitly disabling.
  I'm not 100% confident of these defaults, but we can tweak them.

For now let's not worry about letting you specify a specific version of npm. That's going to take a bit more work to make work in the upcoming reproducibility-focused architecture, and it's not a super critical feature to get working before then.

[monshi]

One alternative to "npm": true could be to default to true if "yarn": $version is not specified in "toolchain". For instance "toolchain" has "node": "8.2.1" which has the [email protected] bundled. If the "toolchain" doesn't have "yarn": $version we can assume "npm" is true.
What do you think?

[dherman]

Yes, agreed!

[rwjblue]

If the "toolchain" doesn't have "yarn": $version we can assume "npm" is true.

I would like to advocate for a check for the presence of a yarn.lock before falling back to npm in this case. Thoughts?

[charlespierce]

Given the issues that have been seen re: dependencies using npm run ... in their install scripts, it seems like it might be a better approach to always allow npm to work, since even if your project doesn't explicitly use it, it might still require the command to be available for one of the dependencies.

As an end user seeing my yarn install throw an error about npm is not supported in a yarn project would be confusing, and having to track down that it was some transitive dependency that is explicitly calling npm, while Notion was disabling that command would be difficult.

One option would be to have it still run, but show a warning if the yarn version is set. Something along the lines of This project is configured to use yarn, npm should be avoided to alert users that accidentally run npm in a yarn project.