In an ongoing effort to lower the overhead of maintaining a large number of repositories and keeping their dependencies fresh, I’ve started integrating the repositories with Renovate Bot and migrating from Yarn (v1) to pnpm.
Yarn vs Pnpm
I moaned about Yarn v3 in September, and back then pnpm just didn’t work at all for me. Now, only a few months later, Vercel is not only supporting pnpm deployments but also sponsoring the project itself. As several notable JS projects (for example Vite, vue/core, and Pinia) have already adopted pnpm, it felt like the right time to switch.
I’ve always liked yarn and I’ve used it since the very early versions, but never managed to make the switch to yarn v2 or v3. I feel like the project failed in a big way to make the switch easier and even today v3 doesn’t have some of my most used commands like yarn outdated (which, btw, pnpm has).
By far the biggest selling point of pnpm for me is the fact that it totally solves the infinitely heavy node_modules issue by only keeping one set of physical dependencies per computer. I have tens of JS projects installed at any given time and most of them have several hundred megabytes worth of dependencies (thanks to the culture of is-odd-style packages). In these times of small-and-expensive SSD hard drives, that’s a huge win to have. I’m looking forward to the day when I can get rid of the last heavy node_modules directory on my personal projects.
Renovate Bot
I’ve been testing out Renovate Bot in a few projects for a couple of months. I like it much more than Dependabot because there are many more configuration options and it knows how to handle both Python and modern JS (i.e. pnpm) dependencies better.
Both pip-tools and pnpm integrations are still a bit of a moving target for Renovate, but the basics already work, and the most important thing, knowing that there’s something I need to upgrade, works perfectly already.
I’ve now started to add Renovate configuration for all of my repos and I’ll keep doing it until every single repo that is not archived and has a dependency file is handled by Renovate. Spending one morning a week updating the dependencies in active repositories and one morning a month for the rest of them is a small price to pay for the convenience that whenever you get back to a project, you know it will install and compile as it should. I’m not comfortable enabling automatic merging of dep PRs just yet, but I’m assuming the tech will be much better in a year or two, so that will become a viable option as well (for those repos that have decent enough tests).