A fast package manager for NodeJS written in Rust.
Make sure you have Rust installed first!
- Clone the repository
- Run `cargo run --release install package` or `cargo run --release install package@version`
IMPORTANT: Use the `--preserve-symlinks` flag when running `node myfile.js`. If development continues I'll make this easier so you don't have to do this extra step!
Benchmark of bun vs click clean install:
Based on benchmarks done with hyperfine, click is more or less the same speed as Bun for clean installs. Due to the nature of HTTP, it is hard to give an accurate answer as to who is "faster", as there are occasions where Bun is faster than click. Sadly, at the moment we are 3-6x slower than Bun for loading cached modules.
At the moment it can perform an efficient clean install of a package, which is then cached, and it uses the cache when a module is downloaded twice. See here for features that are missing.
- Efficient version resolution which minimizes the HTTP throughput by using `{registry}/{package}/{version}` instead of `{registry}/{package}`, which has a significantly larger body size
- Use of reqwest to create a HTTP connection pool
- Parallel and asynchronous HTTP requests to the NPM Registry API
- Use of the `Accept: application/vnd.npm.install-v1+json; q=1.0, application/json; q=0.8, */*` header, which results in smaller HTTP body sizes
- Duplicate avoidance by storing pre-installed versions in a HashMap for clean installs
- A global cache that symlinks point to, avoiding any file copies
- Package locks generated for each cached package, to avoid re-retrieval of the required dependencies
These are the primary functioning features required for this to pass as a "NodeJS package manager". There are plenty more quality-of-life and utility features that will be necessary:
- Expiry times for the cached packages
- Creation and maintenance of a `package.json` in the working directory
- Creation and maintenance of a `package-lock.json` in the project directory
- An `uninstall` command
- An `update` command
- There is also an edge case where some packages contain an operator at the end of their version like this < [email protected] > 1.1.2 which is not tolerated by semver
- Use checksums to verify file downloads
- Proper error handling everywhere
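
The missing "use checksums to verify file downloads" step, sketched as an added example (not code from this project, and written in Python rather than Rust so it needs only the standard library). npm version documents carry a `dist` object with `integrity` (an SRI string) and `shasum` (SHA-1 hex); the tarball is checked against it before being unpacked into the global cache that every project symlinks to. The function names, `IntegrityError` and the `registry.example` URL are assumptions made for the example.

```python
import base64
import hashlib
import hmac

# Strongest first; an SRI string may list several hashes separated by spaces.
PREFERRED = ("sha512", "sha384", "sha256")


class IntegrityError(Exception):
    """Tarball does not match the digest in the registry metadata."""


def expected_digest(dist):
    """Return (algorithm, raw digest) from a version document's `dist` object."""
    found = {}
    for token in dist.get("integrity", "").split():
        algo, sep, b64 = token.partition("-")
        if sep and algo in PREFERRED:
            try:  # drop any "?options" suffix the SRI grammar allows
                found[algo] = base64.b64decode(b64.split("?")[0], validate=True)
            except ValueError as exc:
                raise IntegrityError(f"malformed {algo} entry") from exc
    for algo in PREFERRED:
        if algo in found:
            return algo, found[algo]
    if "shasum" in dist:  # legacy SHA-1 hex digest, used only as a fallback
        return "sha1", bytes.fromhex(dist["shasum"])
    raise IntegrityError("no usable digest in dist metadata")


def verify_tarball(tarball, dist):
    """Check the downloaded bytes before unpacking them into the shared cache."""
    algo, want = expected_digest(dist)
    got = hashlib.new(algo, tarball).digest()
    if not hmac.compare_digest(got, want):  # constant-time comparison
        raise IntegrityError(f"{algo} mismatch for {dist.get('tarball', '?')}")
    return algo


def constructed_dist(tarball):
    """Sample `dist` object: constructed for this example, not registry data."""
    sri512 = base64.b64encode(hashlib.sha512(tarball).digest()).decode()
    sri256 = base64.b64encode(hashlib.sha256(tarball).digest()).decode()
    return {
        "tarball": "https://registry.example/pkg/-/pkg-1.0.0.tgz",  # placeholder
        "integrity": f"sha256-{sri256} sha512-{sri512}",
        "shasum": hashlib.sha1(tarball).hexdigest(),
    }
```

Because the cache is shared and symlinked into every project, a tarball that fails this check should never be written to it; the SHA-1 `shasum` fallback only detects accidental corruption and is not collision-resistant.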