$pm add vite
# should be success
$pm run vite --version
# shoud be fail
$pm run esbuild --version
vite has 4 transitive binaries vite
, rollup
, esbuild
and nanoid
.
A user expects only vite
available when installing vite
using package manager. (especially when installing for global $PATH
) However, its behavior is vary
- NPM downloads all of them into
node_modules/.bin
and link all of them to project /$PATH
- Yarn downloads all of them into
node_modules/.bin
but link onlyvite
in the project /$PATH
- pnpm downloads only
vite
intonode_modules/bin
, and link onlyvite
in the project /$PATH
- Bun downloads all of them into
node_moudles/.bin
, and link all of them to proejct /$PATH
Due to its behavior, NPM and Bun is not good for managing global installations. It could be a security risk (supply chain attacks) and it can bloats the completions on shell environment.
Sorry for the basic question, but can you clarify what you mean about Bun not being good for managing global installations?
Do you mean I shouldn't do
asdf global bun 1.1.11
, for instance, and only doasdf local bun 1.1.11
? Or is there something more to it?