yarnからnpmへの切り替え

[sanak]

切り替え手順メモ

M1 MacBook Pro (arm64), Node v22環境を使用し、以下の手順で切り替えを行っています。

1. 以下のサイトの手順を参考に、 yarn.lock から package-lock.json に変換
   • 🔀yarn.lock と package-lock.json を相互変換する - 辺境のアステリズム

   % git checkout -b 428-yarn-to-npm
   Switched to a new branch '428-yarn-to-npm'
   % npx synp --source-file ./yarn.lock 
   Need to install the following packages:
   synp@1.9.14
   Ok to proceed? (y) y
   
   Created package-lock.json
   % git status
   On branch 428-yarn-to-npm
   Untracked files:
     (use "git add <file>..." to include in what will be committed)
   	package-lock.json
   
   nothing added to commit but untracked files present (use "git add" to track)

2. node_modules フォルダを削除し、 npm i を実行してインストール

   % rm -rf node_modules
   % npm i
   npm warn old lockfile
   npm warn old lockfile The package-lock.json file was created with an old version of npm,
   npm warn old lockfile so supplemental metadata must be fetched from the registry.
   npm warn old lockfile
   npm warn old lockfile This is a one-time fix-up, please be patient...
   npm warn old lockfile
   npm warn deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
   npm warn deprecated @humanwhocodes/config-array@0.13.0: Use @eslint/config-array instead
   npm warn deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
   npm warn deprecated abab@2.0.6: Use your platform's native atob() and btoa() methods instead
   npm warn deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
   npm warn deprecated @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead
   npm warn deprecated glob@8.1.0: Glob versions prior to v9 are no longer supported
   npm warn deprecated domexception@4.0.0: Use your platform's native DOMException instead
   npm warn deprecated memfs@3.6.0: this will be v4
   npm warn deprecated eslint@8.57.1: This version is no longer supported. Please see https://eslint.org/version-support for other options.
   
   added 776 packages, and audited 777 packages in 21s
   
   176 packages are looking for funding
     run `npm fund` for details
   
   12 vulnerabilities (3 low, 4 moderate, 4 high, 1 critical)
   
   To address issues that do not require attention, run:
     npm audit fix
   
   To address all issues (including breaking changes), run:
     npm audit fix --force
   
   Run `npm audit` for details.

3. npm audix fix を実行して脆弱性のある依存パッケージを更新

   % npm audit fix
   
   added 7 packages, removed 2 packages, changed 18 packages, and audited 782 packages in 3s
   
   177 packages are looking for funding
     run `npm fund` for details
   
   # npm audit report
   
   webpack-dev-server  <=5.2.0
   Severity: moderate
   webpack-dev-server users' source code may be stolen when they access a malicious web site with non-Chromium based browser - https://github.com/advisories/GHSA-9jgg-88mc-972h
   webpack-dev-server users' source code may be stolen when they access a malicious web site - https://github.com/advisories/GHSA-4v9v-hfq4-rm2v
   fix available via `npm audit fix --force`
   Will install webpack-dev-server@5.2.2, which is a breaking change
   node_modules/webpack-dev-server
   
   1 moderate severity vulnerability
   
   To address all issues (including breaking changes), run:
     npm audit fix --force

確認項目

• ローカルでのインストール・テスト動作確認
• CIの更新確認
• README.mdの更新

---

Closes #428

[Copilot]

Pull Request Overview

This PR migrates the project from Yarn to npm as the package manager. The migration involves converting the yarn.lock file to package-lock.json and updating documentation and CI configuration to use npm commands.

• Updates installation command documentation from yarn to npm install
• Adds a new GitHub Actions workflow configured for npm with multi-Node.js version testing
• Implements proper npm caching strategy in CI using package-lock.json

Reviewed Changes

Copilot reviewed 2 out of 4 changed files in this pull request and generated no comments.

File	Description
README.md	Updates installation instruction to use npm instead of yarn
.github/workflows/test.yml	Adds new CI workflow configured for npm with Node.js matrix testing

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

[sanak]

次期Embed v5.0.0リリース後に再検討します。
なお、過去に yarn => npm => yarn に戻った経緯があるようなので、切り替えにより何らかの問題が発生したのか確認が必要かもしれません。

• yarn => npm: 2bbfacd
• npm => yarn: 開発環境の細かい改善 #230

[sanak]

こちらですが、v5前、かつ、nextブランチ向けのものになるため、一旦クローズして、新規で作成し直します。