Closed just-boris closed 8 years ago
We should use pkg.dist.shasum for registry dependencies I think. Changing it to use the name/version from the package.json was a bad idea. It's not really consistent and not really a CAS anymore (which is not nice :sob: ).
Why does it really matter?
Now the npm registry doesn't allow publishing a new package over an existing version (just checked it to be sure), so you can probably trust the package-name+version pair as a unique identifier.
We can't rely on shasum for tarballs, the same thing with incoming git and github dependencies. So, I'd like to have the same behavior for all resolvers.
Also, there is an issue #48. Now it seems that we can provide very good folder names without any suffixes.
Hmmm... yeah, fair point. git dependencies are a problem with the CAS (which is pretty funny considering the fact that git itself is a CAS).
I'm gonna merge this, but I'm gonna play a little bit around with alternative solutions.
The fix is very small, but can bring a big performance profit.
Consider the following dependency tree:
Now the package uid is generated from the version specified in package.json. That means that you get different packages as packageC@^1.0.0 and packageC@1.1.1 even if they are resolved to the same version 1.1.1.
After this fix, the resolved version will be used and packageC instances will be merged and we will make fewer requests.
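The effect described in the pull request, as an added example that is not code from the project or from this thread: the registry contents, the dependency tree, and the helper names `resolve`, `install`, `bySpec` and `byResolved` are all constructed for illustration, and the resolver handles only exact versions and caret ranges with a major version of 1 or higher.

```javascript
// Constructed sample registry: package name -> published versions.
const REGISTRY = { packageC: ['1.0.0', '1.1.0', '1.1.1'] };

// Constructed sample tree: two packages request packageC with different specs.
const TREE = {
  packageA: { packageC: '^1.0.0' },
  packageB: { packageC: '1.1.1' },
};

const parse = (v) => v.split('.').map(Number);
const cmp = (a, b) => a[0] - b[0] || a[1] - b[1] || a[2] - b[2];

// Minimal resolver (hypothetical): exact versions and caret ranges only.
function resolve(name, spec) {
  const versions = REGISTRY[name] || [];
  if (!spec.startsWith('^')) {
    if (!versions.includes(spec)) throw new Error(`no such version: ${name}@${spec}`);
    return spec;
  }
  const base = parse(spec.slice(1));
  const matching = versions
    .map(parse)
    .filter((p) => p[0] === base[0] && cmp(p, base) >= 0)
    .sort(cmp);
  if (matching.length === 0) throw new Error(`nothing satisfies ${name}@${spec}`);
  return matching[matching.length - 1].join('.'); // highest satisfying version
}

// Walk the tree and "fetch" each distinct uid once; return the uids fetched.
function install(tree, uidOf) {
  const fetched = new Set();
  for (const deps of Object.values(tree)) {
    for (const [name, spec] of Object.entries(deps)) {
      fetched.add(uidOf(name, spec));
    }
  }
  return [...fetched];
}

// Before the fix: uid built from the spec as written in package.json.
const bySpec = (name, spec) => `${name}@${spec}`;
// After the fix: uid built from the version the spec resolves to.
const byResolved = (name, spec) => `${name}@${resolve(name, spec)}`;

console.log('keyed by spec:    ', install(TREE, bySpec));
console.log('keyed by resolved:', install(TREE, byResolved));
```
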