Github releases for new versions

[orlitzky]

Hello, I'm packaging 'through' for Gentoo Linux and I noticed that only v2.2.0 is listed on the Github releases page. I know it's kind of a pain, but would it be possible to create a release for the newest version? Having the tarball available helps us avoid dependency hell because we only need tar/gzip to unpack the tarball while cloning a git repo requires a big pile of code =)

[dominictarr]

okay it looks like I didn't create tags for all of these versions, just put version bumps as commits. btw, did you know you can actually download any git commit as a tarball?

https://codeload.github.com/{username}/{project}/tar.gz/{commit_or_tag}

for example: https://codeload.github.com/dominictarr/through/tar.gz/4a5652f8ada85dd8d212d558f386e2ab57f36d46

One time I asked them to fix a problem with these urls and they did, so I guess that is a tacit admission it's a public api (although it's not documented ;)

[dominictarr]

btw, how/why are you packaging this for gentoo? npm already provides a very nice package manager. oh yeah---on that note, why don't you just download the packages directly from the npm registry? using npm show {module} command dump the registry data for that module, and that contains a tarball url which you can derive urls for any version.

eg, http://registry.npmjs.org/{module}/-/{module}-{version}.tgz

[orlitzky]

Thanks, I didn't know about the npm registry thing! I will get the sources there by default from now on.

I'm packaging them for Gentoo because npm has the same problem as bundler, cabal, easy_install, pip, cpan, cran, pear, composer, bower, elpa, ivy, nuget,... etc. It's good for getting up and running quickly but a nightmare for system administrators. A typical package in any language will have a dependency tree of, say, 100 packages. And suppose I have 1,000 packages installed on my machine. if everything is installed globally -- whatever, I've still got 1,000 packages installed. But if each one of them bundled its entire dependency tree, I'd have 100,000 packages installed instead. It'd be a full-time job just to keep my desktop machine up-to-date (i.e. secure). You mostly don't notice this because npm doesn't know what to do with packages that aren't written in javascript, so your dep tree is limited to a much smaller number of packages. But then things go bad when you need to depend on e.g. a DNS library written in C. So that's my rant =)

[kapouer]

It's also useful for bisecting. The tag gives us the commit hash and then it's possible to check each commit instead of downloading from npm only version by version.

[orlitzky]

I gave up on trying to package JS libraries, so no need to keep this open any more.