this post was submitted on 13 Oct 2023
324 points (81.4% liked)

Programmer Humor

32410 readers
565 users here now

Post funny things about programming here! (Or just rant about your favourite programming language.)

Rules:

founded 5 years ago
MODERATORS
 

Sorry Python but it is what it is.

you are viewing a single comment's thread
view the rest of the comments
[–] pastermil@sh.itjust.works 73 points 1 year ago (18 children)

So you are saying that npm is better than pip?? I'm not saying pip is good, but npm?

[–] soeren@iusearchlinux.fyi 36 points 1 year ago (15 children)

npm has a lockfile which makes it infinitely better.

[–] bjorney@lemmy.ca 21 points 1 year ago (11 children)

pip also has lock files

pip freeze > requirements.txt

[–] soeren@iusearchlinux.fyi 0 points 1 year ago (1 children)

That's not a lockfile. This would be the equivalent of package.json

[–] bjorney@lemmy.ca -2 points 1 year ago (2 children)

How is it not a lock file?

package.json doesn't contain the exact version number of all downstream dependencies, this does

[–] gornius@lemmy.world 0 points 1 year ago (1 children)

Lockfile contains exact state of the npm-managed code, making it reproducible exactly the same every time.

For example without lockfile in your package.json you can have version 5.2.x. In your working directory, you use 5.2.1, however on repo, 5.2.2 has appeared, matching your criteria. Now let's say a new bug appeared in 5.2.2.

Now you have mismatched vendor code, that can make your code behave differently on your machine, and your coworker's machine, making you hunt for bug that wasn't even on your side.

Lockfile prevents that by saving an actual state of vendor code.

[–] bjorney@lemmy.ca 1 points 1 year ago

Yes, which is EXACTLY like a pip freeze'd requirements.txt, storing the exact version of every package and downstream dependency you have installed

load more comments (9 replies)
load more comments (12 replies)
load more comments (14 replies)