Duo
Yet another JS package manager

Duo is the latest package management tool for JavaScript. "Why yet another JS package manager?" you ask? Duo's pitch is that you don't need a manifest to manage your dependencies.
I will walk through some of the features of Duo adding my own commentary of how well I think Duo lives up to it's promise.
Getting started
To begin you will need to visit your terminal.
$ npm install -g duo
Next Duo needs to authenticate with GitHub so you'll have to add an entry to your ~/.netrc
file:
machine api.github.com
login <username>
password <token>
You can create a GitHub token here.
Now you can pull your dependencies straight from GitHub.
var _ = require('lodash/lodash');
While it's a one time thing to setup I don't love the requirement to authenticate with GitHub. I suppose it is handy for accessing private repositories should you have the need.
Version management
You will inevitably want to control the versions of your dependencies. Duo accommodates this using semver.
var _ = require('lodash/lodash@2.4.1');
No manifest is fine if you have a simple project with a single file. If you're dealing with a real world project with many files sharing the same dependency however this approach breaks down. It would be a nightmare trying to manage versions of packages this way.
File management
By default Duo will look for an index.js
file within the repository of the package that you are requiring. Duo provides syntax for specifying another file to load should the main file exist elsewhere.
var _ = require('lodash/lodash@2.4.1:/dist/lodash.js');
Using index.js
is a sensible default, but if it doesn't exist Duo doesn't fall back to looking at the main
of package.json
. When looking at the 10 most depended upon packages on npm's registry only six provide an index.js
. This requires a developer to look at the repository of the package they want to depend on to discover for themselves what main file to reference.
Package bundling
The one thing Duo does differently than existing package managers is that it merges package management and package bundling into a single tool. Where with npm you would also use something like webpack or browserify, Duo handles both tasks.
$ duo index.js > dist/my-project.js
The biggest catch here is that you have to execute a build step to run code.
First-class support for HTML and CSS
Another unique feature of Duo is the first-class support of HTML and CSS.
You can load a template straight into JavaScript and Duo will handle converting it to a JavaScript String
.
var template = require('./template.html');
Duo handles CSS as well.
@import 'necolas/normalize.css';
@import 'twbs/bootstrap@v3.2.0:dist/css/bootstrap.css';
This is actually a pretty useful feature. Not that it isn't already solved in other ways, but that they handle common use cases is handy.
component.json
When you dig a little deeper into Duo you discover that their pitch is actually misleading.
Pull dependencies straight from GitHub, without you needing to edit any package manifest file!
Source: http://duojs.org/
But what this really means is:
You don't need a manifest file to quickly scaffold a proof of concept, but if you are going to use Duo for a real-world app you should actually use a manifest.
Source: http://mattzabriskie.com/blog/duo
Just like Component, Duo uses component.json
to manage package versions (incidentally both Component and Duo are brought to you by Segment).
{
"name": "my-project",
"version": "0.0.0",
"main": "index.js",
"dependencies": {
“lodash/lodash": “2.4.1"
}
}
In the end this really isn't any different than using package.json
with npm.
Final thoughts
Ultimately I am not sold on Duo.
On one hand Duo offers:
- Quick scaffolding for small scripts.
- No need to register modules with package registry.
- Private repository support.
- One stop package management and bundling.
- First-class support for HTML and CSS.
- Source transforms for Coffeescript and Sass.
On the other hand:
- Dependencies will end up in
component.json
anyway. - Need to discover proper main of a package myself in many cases.
- Having a registry to search is useful.
- How do I know if package on GitHub is intended for wide use?
- Building is required to run any code.
- ~/.netrc file required to request packages from GitHub.
Open source hacker. Community organizer. Co-organizer @ReactRally. Software Sommelier.