Migrating Existing Projects to NPM/YARN with drupal-libraries-sync

Switched Varbase libraries managements from Asset Packagist to NPM/Yarn with drupal-libraries-sync .

Why Changed

Because the previous approach had significant limitations in speed, security, maintainability, and ecosystem compatibility. Asset-packagist.org created bottlenecks and potential vulnerabilities that hindered development workflows.

The new NPM/Yarn approach provides modern package management that aligns with industry standards. By declaring dependencies in package.json and using the sync script to copy files from node_modules to docroot/libraries, developers gain better control over library versions, faster dependency resolution, and improved security through direct access to official repositories.

Moving with Automatic Updates, Package Manager, The Update Framework (TUF), PHP-TUF, and PHP-TUF Composer integration

Benefits of the New System

• Performance: Faster dependency resolution with modern package managers

• Security: Better vulnerability management through NPM/Yarn security auditing

• Maintainability: Standard front-end tooling that developers are familiar with

• Ecosystem: Access to the entire NPM ecosystem for front-end libraries

• Version Control: More granular control over library versions and updates

What Changed

This change improves developer experience with multiple drupal-libraries-sync options, while ensuring Varbase follows modern web development practices and maintains better long-term sustainability.

Before (Asset Packagist)

• Libraries were managed through asset-packagist.org

• Dependencies were declared in composer.json

• Libraries were automatically installed via Composer

After (NPM/Yarn + drupal-libraries-sync)

• Front-end libraries are managed via NPM/Yarn

• Dependencies are declared in package.json

• A sync script copies required files from node_modules to docroot/libraries

• Yarn is the recommended package manager

Step 0: Update The Varbase Project to 10.1.0-alpha3

• This change is available starting with Varbase 10.1.0-alpha3

• Projects using Varbase 10.1.0-alpha2 and earlier should stop using Asset Packagist

• The migration is backward compatible but requires manual intervention for existing projects

Check that you do have the docroot/profiles/contrib/varbase/scripts/drupal-libraries-sync.js file in the system.

Step 1: Remove Asset Packagist Dependencies

Remove any asset-packagist repositories and dependencies from your composer.json. The old composer.json configuration included asset-packagist.org repositories for managing npm assets like dropzone, blazy, slick-carousel, ace-builds, swagger-ui-dist, and CKEditor components:

Remove the asset-packagist repository configuration:

Also remove any npm-asset/* dependencies from the require section, "installer-paths" , "installer-types" from the composer.json file.

Step 2: Change the package.json in the Varbase Project

Change the package.json file in the Varbase project root with the following structure:

2.1 Add the following in "scripts":

2.2 Add the libraries under "dependencies":

2.3 Add the "drupal-libraries":

The full change in the package.json file could look like the following:

Step 3: Change the composer.json file in the Varbase Project

Add the new library sync commands to your composer.json:

Step 4: Install Dependencies and Sync Libraries

Run the following commands to install your front-end dependencies:

Step 5: Verify Installation

Check that libraries have been copied to the correct location:

You should see directories for each library defined in your package.json configuration.

Additional Resources

• NPM Documentation

• Yarn Documentation

• Drupal Libraries API