Fiddling around with the wire webapp which is available on GitHub I came across yarn.
Yarn is a package manager like npm which accesses the same repositories.
The design goals are reproducibility of builds, speed and security.
npm install -g yarn
or on macOS
brew install yarn
A new yarn project can be started with “yarn init”. After a couple of questions yarn creates a package.json file for you.
$ yarn init yarn init v0.27.5 question name (yarn_test): yarn_test question version (1.0.0): 1.0.0 question description: see how it works question entry point (index.js): index.js question repository url: question author: jboegeholz question license (MIT): MIT success Saved package.json Done in 35.38s.
Adding dependencies is easy as well:
$ yarn add grunt yarn add v0.27.5 info No lockfile found. [1/4] Resolving packages... [2/4] Fetching packages... [3/4] Linking dependencies... [4/4] Building fresh packages... success Saved lockfile. success Saved 89 new dependencies.
After adding the first dependency yarn downloads all sub-dependencies as well. On interesting fact is the creation of a lock file for dependency versions. That means If you check in the yarn.lock that you can reproduce your builds deterministically.
When you already a project setup you can easily install all dependencies with:
$ yarn install