trusktr
commented
9 years ago This should be false by default. I feel like we're going against ease-of-usability by having this set to true by default.
Closed guybedford closed 9 years ago
trusktr
commented
9 years ago This should be false by default. I feel like we're going against ease-of-usability by having this set to true by default.
guybedford
commented
9 years ago @trusktr are you still having issues with npm auth?
trusktr
commented
9 years ago If the default is that npm auth is required out-of-the-box, then yes, but I haven't tried it since the last time.
guybedford
commented
9 years ago @trusktr yes I guess you are right here - implemented the more cautious authentication in https://github.com/jspm/npm/commit/edda1919a00aa20be84b1b63a5140f1940cb5705.
trusktr
commented
9 years ago @guybedford That's awesome.
Now, if JSPM supported post-install scripts on a per-package basis (in the jspm.scripts property, for example, falling back to the top-level package.json scripts property) (I know you are hesitant to add this feature) then I can consider using JSPM in rocket:module. I need to be able to ship NPM dependencies (defined by Meteor users and Meteor package developers, not by me, and in a simple way not requiring them to write hacks) to any number of Meteor packages in a given Meteor application. I'm currently doing this with Webpack. It's the only current option that is flexible enough to do this with. I like the concept of JSPM a shit ton, but can't use it because of the amount of post-install hacking, things that I can mostly configure with Webpack. For one, NPM dependencies with Webpack all can run postinstall scripts, so things just work. I know you don't like it, but it works. It might be a hack in your eyes (and, it probably is), but at least it saves the end user from having to make a hack. That's completely important. The architecture for Leaflet is so far behind in terms of module standards, that's it's easy to make a post install script rather than PR Leaflet to refactor the whole thing. So, when we install Leafler from github (you've given your users that option) we've gotta run this crap (so it makes sense that such cases should be supported).
I wish I could use JSPM, but Webpack's flexibility let's me do what I need to do for now. Having JSPM's ability to get packages from more places would be nice though...
By the way, Meteor has only a few hundred less stars on GitHub than Ruby on Rails now. I'd love to get JSPM in there, but it's got to be really easy to use and customize without requiring all package developers to adapt their packages to your JSPM standards, because, realistically, it's not doable.
These are my 2 cents @guybedford. I'm looking forward to see how JSPM progresses. :smiley:
When the
alwaysAuthoption is set to false in the npmrc, and we're using the npmrc, we should by default not use credentials.