https://bugzilla.redhat.com/show_bug.cgi?id=1919295 --- Comment #9 from code@xxxxxxxxxxxxxxxxxx --- > - Why are node_modules symbolic links to node_modules_prod? Why not put them directly at node_modules? This is taken directly from the template at https://docs.fedoraproject.org/en-US/packaging-guidelines/Node.js/#_using_tarballs_for_bundling. I do not know the original rationale. ----- > - useless-provides: > This package provides 2 times the same capacity. It should only provide it > once. > > Apparently the bundled Provides are specified 2 times? See: > # find node_modules_prod/ -name 'ansi-styles' > node_modules_prod/log-symbols/node_modules/ansi-styles > node_modules_prod/ansi-styles > node_modules_prod/@babel/highlight/node_modules/ansi-styles > # rpm -q --provides -p /var/lib/mock/fedora-rawhide-x86_64/result/npm-name-cli-3.0.0-2.fc35.noarch.rpm | grep ansi-styles > bundled(nodejs-ansi-styles) = 3.2.1 > bundled(nodejs-ansi-styles) = 4.3.0 So some of the bundled dependencies are present in multiple places within the node_modules tree. It’s common for indirect dependencies to be present more than once in node_modules, and even for there to be no single version that would satisfy all of the packages that require a particular dependency. The bundled dependency gets listed once for each version that is bundled; rpmlint flags this because it did not anticipate anyone wanting to Provide two different versions of the same thing. I’m not sure how version information could be properly recorded without this repetition, but if you think this is not the correct behavior, I think the only recourse would be to raise an issue on https://src.fedoraproject.org/rpms/nodejs-packaging/. ----- > No the various .travis.yml .eslintrc .npmignore .eslintignore etc. should not be shipped > - npm-name-cli.noarch: E: script-without-shebang > - Remove various empty files shipped. I think these are reasonable requests, and I will follow up with a new spec and SRPM implementing them. I do think there is some question of how much packagers should meddle in the bundled dependencies, and some danger in doing so blindly. For example, the file > /usr/lib/node_modules/npm-name-cli/node_modules_prod/resolve/test/shadowed_core/node_modules/util/index.js is part of the tests for resolve, and removing it will break the tests. Now, nobody is going to run the tests on a bundled dependency, so it doesn’t matter if we break them; but I could imagine cases where zero-byte or hidden files really are needed at runtime. It doesn’t look like that is the case for anything here, and I don’t mind combing through the actual files to be sure of it. -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component _______________________________________________ package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-review-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-review@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure