[BUG] serious npm ci performance regression in 7.21.0
#3676
Comments
sarahkadar
added
Bug
sarahkadar
changed the title
npm ci performance regression in v7.21.0npm ci performance regression in 7.21.0
This doesn't change any functionality, but it optimizes a few extremely hot code paths for the input typically encountered during a large npm project installation. `String.normalize()` is cached, and trailing-slash removal is done with a single `String.slice()`, rather than multiple slices and `String.length` comparisons. It is extremely rare that any code path is ever hot enough for this kind of thing to be relevant enough to justify this sort of microoptimization, but these two issues resulted in a 40-50% install time increase in some cases, which is fairly dramatic. Fix: npm/cli#3676
This doesn't change any functionality, but it optimizes a few extremely hot code paths for the input typically encountered during a large npm project installation. `String.normalize()` is cached, and trailing-slash removal is done with a single `String.slice()`, rather than multiple slices and `String.length` comparisons. It is extremely rare that any code path is ever hot enough for this kind of thing to be relevant enough to justify this sort of microoptimization, but these two issues resulted in a 25-50% install time increase in some cases, which is fairly dramatic. Fix: npm/cli#3676
This doesn't change any functionality, but it optimizes a few extremely hot code paths for the input typically encountered during a large npm project installation. `String.normalize()` is cached, and trailing-slash removal is done with a single `String.slice()`, rather than multiple slices and `String.length` comparisons. It is extremely rare that any code path is ever hot enough for this kind of thing to be relevant enough to justify this sort of microoptimization, but these two issues resulted in a 25-50% install time increase in some cases, which is fairly dramatic. Fix: npm/cli#3676
|
Thanks for the clear reproduction case! Was able to track this down to two very hot code paths in node-tar that were doing more work than needed. Should be much improved in the next release. |
|
thanks! |
|
@isaacs this is quite an improvement but unfortunately still not quite the same level of performance as re-ran the tests on i ran them several times so this is not within the margin of error. edit: don't mean to be splitting hairs here. but maybe there might still be some room for improvement? totally understand if this is not a priority at this point though. |
|
I have come across a similar problem with a single package: material-design-icons Here you'll find a repo for reproduction: https://github.com/eljenso/install-perf_material-design-icons But the most interesting results are when using different versions of In other words: upgrading to the latest version of |
|
@isaacs regarding my previous comment: |
|
As far as I can tell, the regression here is entirely due to making the tar extraction caching behavior sensitive to the fact that unicode-insensitive file systems exist. We're now doing a NFKD normalization on all filenames that are extracted, to avoid situations where files can clobber each other based on being different JavaScript string filenames that reference the same file due to unicode shenanigans. (See https://github.com/npm/node-tar/security/advisories?state=published) So, even thought the impact is minimal in most cases, if you have a single package that extracts close to 90 thousand files, it adds up. The good news is that the performance improvements in the versions since that change have bought back a lot of the perf regression from the security fix, but unfortunately not all of it. So this isn't a case where we caused a perf regression with a bug, then fixed the bug. It's that we fixed a class of security bugs, and in so doing caused an unavoidable (or at least, not easily avoidable) perf regression, and then fixed other bugs that were causing other unrelated performance issues. (Those were mostly regarding how we cache HTTP requests, and avoiding unnecessary HTTP cache revalidations.) I'll think on this some more and see if we can work out a way to still make the same unicode-safe filesystem guarantees, with less of a performance hit. If that's not possible, then the choice may just be between "don't have 89k files in a single package", or "be vulnerable to unicode filename attacks in published packages". |
|
@isaacs thank you for the thoughtful and detailed reply, I really appreciate it! |
|
Oh, also, looks like we did optimize away at least some of the perf regression that the tar security fixes initially introduced, so my last comment was only mostly correct 😅 #3676 (comment) |
This doesn't change any functionality, but it optimizes a few extremely hot code paths for the input typically encountered during a large npm project installation. `String.normalize()` is cached, and trailing-slash removal is done with a single `String.slice()`, rather than multiple slices and `String.length` comparisons. It is extremely rare that any code path is ever hot enough for this kind of thing to be relevant enough to justify this sort of microoptimization, but these two issues resulted in a 25-50% install time increase in some cases, which is fairly dramatic. Fix: npm/cli#3676 PR-URL: #286 Credit: @isaacs Close: #286 Reviewed-by: @wraithgar
This doesn't change any functionality, but it optimizes a few extremely hot code paths for the input typically encountered during a large npm project installation. `String.normalize()` is cached, and trailing-slash removal is done with a single `String.slice()`, rather than multiple slices and `String.length` comparisons. It is extremely rare that any code path is ever hot enough for this kind of thing to be relevant enough to justify this sort of microoptimization, but these two issues resulted in a 25-50% install time increase in some cases, which is fairly dramatic. Fix: npm/cli#3676 PR-URL: #286 Credit: @isaacs Close: #286 Reviewed-by: @wraithgar
Is there an existing issue for this?
Current Behavior
time npm ci --no-audit --prefer-offline[email protected]:
[email protected]:
i did an
rm -rf node_modules && rm -rf workspaces/test/node_modulesby hand each time and the cache is completely warm.i tested this on my laptop (2019 16" MBP, Core i9, 64 GB RAM, internal SSD) but i see this slowdown in our CI as well (GitLab CI, custom GitLab runners on AWS,
c5d.xlargeinstances using docker machine)Expected Behavior
[email protected] not be 50% slower
Steps To Reproduce
npm ci --no-audit --prefer-offline(twice so the cache is warm)Environment
The text was updated successfully, but these errors were encountered: