I'm planning to use WebJars (through Maven) instead of Bower for my projects.
What's the difference between the NPM, Bower and Classic flavors of WebJars?
My understanding is that since I used Bower, I should probably just use Bower WebJars since I can be sure that those artifacts will be available. Is that the right way to think about this?
Thanks, in advance, for the help.
It depends on where you want the source artifacts to come from. Classic WebJars usually come from a binary distribution of a library. Bower and NPM WebJars come from their respective sources.
The Classic WebJars are manually created and published by WebJar contributors. Bower and NPM WebJars can be published by anyone.
We have chosen for Classic WebJars.
Differences between Classic and NPM that made us go for Classic:
Classic WebJars have a smaller JAR size ( For example, jQuery 3.4.1 Classic is 308 KB, NPM is 476 KB)
NPM WebJars expose all sources in the project, which can result in a security problem if there is Javascript code with vulnerabilities in src of that Webjar.
Related
I've been trying to get a bazel monorepo with typescript to work. I have a couple of requirements in mind.
I should be able to import local packages using #myworkspace/ instead of ../../../ and so on, without needing Bazel. This is mostly so I get autocomplete while I'm writing.
The #myworkspace/ package should be the same during development and build time but only Bazel-managed dependencies should be resolved on imports when running sandboxed. Just so I know if I've messed up the name of the package in the js_library rule.
There should only be one lock file for the whole project. All dependencies should be located at root/node_modules.
It should be possible to individually deploy node packages i.e. #myworkspace/myCloudFunction.
It should be possible to include local dependencies in packages that will deployed.
I'm new to Bazel and it seems like it requires some mentality changes when coming from the NPM ecosystem. After googling, I've managed to find something that works for points 1 and 2 (But I might be wrong). I've published the playground repo at https://github.com/vitorelourenco/bazelmono-ts (pretty much a copy from https://github.com/lokshunhung/bazel-ts-monorepo with some ideas I took from https://github.com/angular/angular)
My questions about points 3 and 4:
Say I want the lib Lodash available on package #myworkspace/cloudFunction that will be deployed to Google Cloud Functions. If I install Lodash in the #myworkspace/cloudFunction folder, then Lodash will be added to package.json but I'll have a second node_modules folder and a second yarn.lock file, I don't want that. But if I install it in root/, then Lodash will not be added to the dependencies listed on package.json located at #myworkspace/cloudFunction, and when I deploy it, it won't install. Is there a smart way to handle this issue?
Point 5 is very similar. Ideally, the final Bazel output would have the local dependencies bundled in and ready to use but I can't seem to figure out a way to do it yet. I've tried adding a pkg_npm rule to //packages/app in the playgroup repo but couldn't get it to include //packages/common in it.
I implemented a ros package that depends on some other packages.
These packages depend on even more packages and so on...
How can I find out which packages are actually used when building and running nodes in my package?
(Except for looking at ALL the package.xml files manually, because there are multiple cases in which some packages are listed there but already deprecated and not actually used anymore)
So I'm looking for something like a tool/command/script that can list all actual package dependencies.
I think you can do this natively with rospack. To see everything a package depends on (including dependencies of dependencies) without duplicates, just do
rospack depends my_package
You can get it formatted with indents to see all dependency chains of each package (will include duplicates across chains if more than one package shares the same dependency):
rospack depends-indent my_package
And if you only wanted to know the immediate dependencies of your package, you can do:
rospack depends1 my_package
I'm not sure that addresses the problem you identify that it shouldn't identify deprecated dependencies, but if a package is still specifying a dependency explicitly in a package.xml, how is the system to know that isn't really a dependency? It'd be better to get those package.xml files up to date.
I am trying to clean my application of unused bower dependencies.
Is there a possibility or a tool to find unused bower dependencies in an application?
Bower downloads the packages and store them in the bower downloads directory. It is up to you to refer to these scripts in your application. You can search your application for the specific directory to find out if a script from that directory is ever referred to.
If you are worried about the scripts you are loading and not using any functions from them, there are tools available depending on the technology/framework you use.
If you are worried about the injected dependencies which are hardly ever used in the modules, then you should search for tools specified by the technology/framework.
Can someone tell me how to install Rascal?
The install instruction say - Eclipse Indigo for RCP/RAP - got it.
Then Install New Software and put in the repository address:
http://update.rascal-mpl.org/stable/
- done that
Check "Contact all update sites during install to find required software" - ok
Hit Next, and it complains can't find Jetty, so set up its repo, can't find some Http lib, and on it goes.
What I have done, after I temporarily gave up on Eclipse, is to compile using the Maven build.
This makes me think, is a dependency missing from the Developer Dependencies list? That being the 'rascal-master' project, which contains not much more than the top-level pom.xml file?
I downloaded that too, and tried to build. It did not work because Tycho could not resolve dependencies correctly, it ended up looking for pdb.values:0.0.0 instead of the correct version, I don't know how it managed to zero out the version.
I notice that there is a Jenkins build server, which presumably runs off the Maven poms? It might be an idea to update the Developer Dependencies page with an accurate list of what needs checked out to build from scratch with Maven. It should be as easy as check out some projects, then type 'mvn install' and it all works nicely. Perhaps that is already the case on the build server, but I can't get into the configurations to see how that works.
In the end I removed Tycho from the build, and found enough dependencies in the Maven central repo by hand to get it building, and just put in statements for each of them.
It really is a sad state of affairs the way that Eclipse disrespects the Maven repository, by creating their own and using their own format and tool; Tycho will not download stuff from Eclipse and put it in your local repository, from where you could use it in a more sane way.
The installation instructions seems to be outdated. I can confirm that Rascal will not install with Eclipse Indigo due to dependency errors. It works fine with Eclipse Juno for RCP/RAP.
Ouch, that's a painfull experience, it should not have been this hard, I will look into this.
As workaround: see Rascal Developer dependencies , if you install these dependencies by hand, it should work.
If you continue experiencing installation problems, leave a Github issue, since that is more suited for back and forward conversations.
To use Maven, you also need to insert the following into the pom.xml of rascal-master (replacing the old modules section if there is one):
<modules>
<module>../pdb</module>
<module>../pdb.ui</module>
<module>../pdb.values</module>
<module>../imp.runtime</module>
<module>../imp.pom</module>
<module>../ambidexter</module>
<module>../rascal</module>
<module>../rascal-eclipse</module>
<module>../rascal-shell</module>
<module>../rascal-feature</module>
<module>../rascal-update-site</module>
</modules>
Then run "mvn clean install" or "mvn clean install -DskipTests=true" from inside rascal-master.
Background: I'm just learning Groovy and Grails. I inherited a project from someone who has disavowed themselves of it completely, so I'm basically just thumbing around blindly. I am using the Springsource IDE.
My source had a number of plugin dependencies. I attempted to install these via the plugin manager but one plugin (image-tools) was not available through that medium and needed to be installed separately. I've been unable to install it or the others, as I always end up with build errors which apparently reverts the partial plugin install. While search for references to the image-tools plugin which I could comment out in an attempt to get SOMETHING compiling correctly, I found the .link_to_grails_plugins directory, which seemed to contain the source of all the necessary grails plugins.
Adding this to my classpath and rebuilding seemed to let me make some progress, but I'm not sure if that's what I should actually be doing. Can someone explain to me what this folder is used for? Google hasn't been particularly helpful.
.link_to_grails_plugins is not a standard Grails directory - it has been created by the STS IDE.
The Grails plugins are cached in the grails.project.plugins.dir and grails.global.plugins.dir as described in the documentation for Customizing the Build:
The image-tools plugin documentation indicates that it must be built from the source and provides the instructions for doing so.