Buckaroo Concepts for NPM Users

📝 Team Buckaroo, 20/03/2019
💬 Discuss on Hacker News


For many developers, out first experience of language package managers comes from NPM. NPM has been hugely successful in the JavaScript ecosystem, and has allowed it to grow at a phenomenal rate. In terms of easily reusable packages, JavaScript already outpaces C++, despite being over a decade younger.

But C++ and JavaScript are not direct competitors, and there are applications where the performance and flexibility of C++ is required. If you are a JavaScript developer looking for a C++ package manager like NPM, then this article is for you.

This is how the NPM and Buckaroo ecosystems line-up.

JavaScriptC++
PlatformsWeb, Node.js, ElectronNative, Mobile
Package ManagerNPMBuckaroo
Compiled Library FormatUMD, CommonJS, ES2015 module.so, .dll, .Framework
Build SystemWebpack, RollupBuck
CompilerBabelClang, GCC, MSVC
Package RegistryNPMGitHub, GitLab, BitBucket, Git
Manifestpackage.jsonbuckaroo.toml
Lock-filepackage.lock.jsonbuckaroo.lock.toml
Package foldernode_modules/buckaroo/

Note: there are fundamental differences between JavaScript and C++ that this article simplifies. Use this as an introductory overview, but you will eventually want to dig deeper!

Differences with NPM

Registry Artifacts

In NPM, you would usually compile your code to ES5 before uploading it to the NPM registry. With Buckaroo, you upload the source-code and build scripts to Git. The reason why Buckaroo does not work with compiled artifacts is to enable users of a package to compile it for their own target platform and with the configuration most appropriate for their use-case. In JavaScript, we do not face these issues. There is effectively only one platform (JavaScript) and configuration is done at run-time, since performance is not a primary concern.

Git as a Package Registry

NPM packages are stored on the NPM registry, whereas Buckaroo packages are stored directly in source-control. The reason for this is that Buckaroo packages are compiled by the consumer, whereas NPM packages are compiled by the author. This makes a binary registry unnecessary, and a security risk. You can read more about how this works in the docs.

Private and Public Dependencies

By default, all packages in Buckaroo are public, meaning that every dependency must resolve to the same version. This is different to NPM, where packages default to being private, meaning that each dependency can have its own version. The reason for this is various tricks are required to prevent symbol collisions in C++, and often the binary layout of objects matters.

Note that Yarn will attempt to make packages share a version of a dependency. Although this is not strictly required, it makes things more likely to work.

CLI Comparison

CommandNPMBuckaroo
Initializenpm initbuckaroo init
Add dependencynpm install <package>buckaroo add <package>
Install dependenciesnpm installbuckaroo install
Remove dependencynpm uninstall <package>buckaroo remove <pacakge>

You can read more in the docs.


💬 Discuss on Hacker News