npm WARN deprecated bower@1.8.2 ... migrating to Yarn

[pixelliquid]

How to reproduce this bug:

1. fire up Terminal
2. npm install --global foundation-cli

What should happen:

installation foundation-cli

What happened instead:

installation foundation-cli failed with deprecated message:
npm WARN deprecated bower@1.8.2: ...psst! Your project can stop working at any moment because its dependencies can change. Prevent this by migrating to Yarn: https://bower.io/blog/2017/how-to-migrate-away-from-bower/

Foundation Version(s) you are using: 6.4

Do we need to take action on this?

[DanielRuf]

bower is dead. We will probably move the dependency to npm.

npm and yarn are not API compatible and use different lock files. We can not manage 2 lock files and package managers at the same time (I guess so).

[ncoden]

@DanielRuf See yarnpkg/yarn#3614, there's some interesting discussions up there.

[DanielRuf]

There is still no decision afaik yarnpkg/yarn#3614 (comment)

[ncoden]

Yeah but some solutions:

To anyone who's intersted, I created a small tool that can convert package-lock.json to yarn.lock and vice versa. Would love to know if it works out for you: https://github.com/imsnif/synp
-- yarnpkg/yarn#3614 (comment)

My scenario was to generate package-lock.json file for project where there is already yarn.lock file for longer period of time (and newer versions of dependencies exist). Therefore I've used npm-shrinkwrap to generate lock file for current node_modules tree (installed by yarn). npm install would generate lock file with possibly newer versions of packages. And the trick is that npm-shrinkwrap.json has same structure as package-lock.json (excepts some metadata that are added by npm install at the end).
-- yarnpkg/yarn#3614 (comment)

[DanielRuf]

Wouldn't we then have to purge one of them regularly and reconvert / regenerate it?
I would prefer the way package-lock.json ~> yarn.lock

[ncoden]

We would have to do that only when we would like to update our dependencies. Why package-lock.json ~> yarn.lock ?

[DanielRuf]

The merge-policy --ours may be useful then.

Because npm has a wider adoption and less issues and shrinkwrap and package-lock are more battle tested than yarn.lock and already longer available.

But it is just my opinion on managing both dependency managers.

[ncoden]

Because npm has a wider adoption and less issues and shrinkwrap and package-lock are more battle tested than yarn.lock and already longer available.

👍 fair enough

[colin-marshall]

Related: foundation/foundation-cli#87

@ncoden is it appropriate for this issue to remain open here on the foundation-sites repo since it is about the foundation-cli which requires bower for foundation-apps and foundation-emails?

[DanielRuf]

We can easily switch to npm. Shall I provide some PRs?

[ncoden]

Following the @colin-marshall's comment, closing this in favor of foundation/foundation-cli#87