[Bug 1518262] Review Request: nodejs-yarn - Fast, reliable, and secure dependency management

https://bugzilla.redhat.com/show_bug.cgi?id=1518262



--- Comment #4 from Zuzana Svetlikova <zsvetlik@xxxxxxxxxx> ---
> Upstream does not advise that yarn sources are retrieved from npm and suggests it should be packaged from the pristine sources uploaded to GitHub.

I haven't seen such information. But I admit that among the alternative install
methods[1] they state "installing from npm is not recommended due to security
risks" and rather provide their own tarball, which is, however, the same
content-wise. I will change the URL to that source [2].

When I tried GH sources, I needed to install quite an amount of packages. To be
exact:
root@435574b62c7d:~/yarn# npm ls | wc -l
1725
I would like to avoid that.

> Also, I don't know of any conflicts that exist for "%{_bindir}/yarnpkg".

I wanted some consistency, so I renamed both yarn and yarnpkg.
Readme added.

[1]: https://yarnpkg.com/en/docs/install#alternatives-tab
[2]: https://yarnpkg.com/downloads/1.3.2/yarn-v1.3.2.tar.gz

Spec URL: https://zvetlik.fedorapeople.org/nodejs-yarn/nodejs-yarn.spec
SRPM URL: https://zvetlik.fedorapeople.org/nodejs-yarn/nodejs-yarn-1.3.2-2.fc28.src.rpm
