[Bug 1919295] Review Request: npm-name-cli - Check whether a package or organization name is available on npm

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



https://bugzilla.redhat.com/show_bug.cgi?id=1919295



--- Comment #9 from code@xxxxxxxxxxxxxxxxxx ---
>  - Why are node_modules symbolic links to node_modules_prod? Why not put them directly at node_modules?

This is taken directly from the template at
https://docs.fedoraproject.org/en-US/packaging-guidelines/Node.js/#_using_tarballs_for_bundling.
I do not know the original rationale.

-----

>  - useless-provides:
> This package provides 2 times the same capacity. It should only provide it
> once.
> 
> Apparently the bundled Provides are specified 2 times?

See:

> # find node_modules_prod/ -name 'ansi-styles'
> node_modules_prod/log-symbols/node_modules/ansi-styles
> node_modules_prod/ansi-styles
> node_modules_prod/@babel/highlight/node_modules/ansi-styles

> # rpm -q --provides -p /var/lib/mock/fedora-rawhide-x86_64/result/npm-name-cli-3.0.0-2.fc35.noarch.rpm  | grep ansi-styles
> bundled(nodejs-ansi-styles) = 3.2.1
> bundled(nodejs-ansi-styles) = 4.3.0

So some of the bundled dependencies are present in multiple places within the
node_modules tree. It’s common for indirect dependencies to be present more
than once in node_modules, and even for there to be no single version that
would satisfy all of the packages that require a particular dependency.

The bundled dependency gets listed once for each version that is bundled;
rpmlint flags this because it did not anticipate anyone wanting to Provide two
different versions of the same thing. I’m not sure how version information
could be properly recorded without this repetition, but if you think this is
not the correct behavior, I think the only recourse would be to raise an issue
on https://src.fedoraproject.org/rpms/nodejs-packaging/.

-----

> No the various .travis.yml .eslintrc .npmignore .eslintignore etc. should not be shipped

>  - npm-name-cli.noarch: E: script-without-shebang

>  - Remove various empty files shipped.

I think these are reasonable requests, and I will follow up with a new spec and
SRPM implementing them.

I do think there is some question of how much packagers should meddle in the
bundled dependencies, and some danger in doing so blindly. For example, the
file

> /usr/lib/node_modules/npm-name-cli/node_modules_prod/resolve/test/shadowed_core/node_modules/util/index.js

is part of the tests for resolve, and removing it will break the tests. Now,
nobody is going to run the tests on a bundled dependency, so it doesn’t matter
if we break them; but I could imagine cases where zero-byte or hidden files
really are needed at runtime. It doesn’t look like that is the case for
anything here, and I don’t mind combing through the actual files to be sure of
it.


-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
_______________________________________________
package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to package-review-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-review@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure




[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite Conditions]     [KDE Users]

  Powered by Linux