... it downloads the source files from the GitHub repo, not the dist files published to npm. (This single repo is used to publish multiple npm packages, which may be part of the complication. It also doesn't commit the dist files to the repo itself, just builds them and pushes them to npm.)
However, when I install that same package using npm...
... it downloads the dist files, as published through npm.
Question: Is that the expected behavior of asset-packagist?
I'm trying to include a client-side JavaScript library in a PHP application, but in a way that will enable me to detect security advisories if/when they are published (which various services do by looking at the composer.json/.lock and the package(-lock).json files), so I'd like to include it via composer.json or package.json rather than either using an "unpkg" script tag or copying the actual file into my own repo.
forevermatt
commented
1 year ago
When I using the (awesome) asset-packagist service to install
@simplewebauthn/browser...... it downloads the source files from the GitHub repo, not the dist files published to npm. (This single repo is used to publish multiple npm packages, which may be part of the complication. It also doesn't commit the dist files to the repo itself, just builds them and pushes them to npm.)
However, when I install that same package using npm...
... it downloads the dist files, as published through npm.
Question: Is that the expected behavior of asset-packagist?
I'm trying to include a client-side JavaScript library in a PHP application, but in a way that will enable me to detect security advisories if/when they are published (which various services do by looking at the composer.json/.lock and the package(-lock).json files), so I'd like to include it via composer.json or package.json rather than either using an "unpkg" script tag or copying the actual file into my own repo.