On Thu, Jun 18, 2020 at 3:09 PM Stephen Gallagher <sgallagh@xxxxxxxxxx> wrote: > The Node.js SIG is very loosely organized. If you are a packager and > write to the SIG to ask to be added to the FAS group > gitnodejs-packaging, I'll go ahead and add you. Hi Stephen, Thanks. I'll send an email to the SIG mailing list. > Zuzanna Svetlikova and I maintain the Node.js interpreter and NPM > package tool in modular and non-modular Fedora releases. This is not > going away. The packaging for these critical packages includes bundled > NPM content from upstream rather than consuming packages in Fedora > because the Node.js packaging ecosystem makes it realistically > impossible to package every individual dependency into RPMs (NPM alone > has 402 dependencies and it changes constantly). Sure, to be clear I wasn't worried about the interpreter and npm itself-- thanks for the work you do maintaining that! I'm primarily worried about the npm module ecosystem. > I've been meaning to bring up this topic on the Node.js SIG mailing > list for a while: I think Fedora should largely get out of the game of > delivering NPM modules and only concern itself with delivering tools > that provide applications or support for other software in Fedora. So > things like ycssmin and lessc would make sense to keep alive, but > probably we would build them with their NPM dependencies bundled to > match their upstream releases rather than waste time building dozens > or hundreds of dependent packages in Fedora. > > I have some thoughts on how this could be made easier, but I'll open a > different thread on that on nodejs@xxxxxxxxxxxxxxxxxxxxxxx to discuss > those. This seems sad, but probably inevitable given the mess that is the npm module ecosystem. My experience trying to package nodejs software has been that the upstream version requirements on modules are usually overly strict and can sometimes (but not always, of course) be considerably softened or worked around-- but in order to package every dependency we'd wind up needing to maintain hundreds if not thousands of packages, and it is a lot of work to keep them updated. So I suppose I'd be cautiously in favor, provided there was some kind of automation to help write/maintain this part of the spec. However... what should we do in the meantime to stop further nodejs software from being orphaned and retired? I imagine it will take some time to put together some tooling and/or guidelines for this, and these packages are set to be retired imminently. Can we temporarily allow the nodejs SIG fas group to become the POC of these packages to stop their retirement? I've gone ahead and taken mocha (running tests will be useful regardless of whether or not we start bundling NPM modules). I haven't yet figured out what I need to take to keep it + my other node packages alive for now, but I'll work through that this evening if no one suggests doing anything else. Ben Rosser _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
