Pack your dependencies in some archive - for some Linux package managers

[vitaly-zdanevich]

Hi, I am trying to create an ebuild for Gentoo - and the official way of handling npm dependencies - to have some tar.gz with all of them... See here for the context https://forums.gentoo.org/viewtopic-p-8818833.html#8818833

[Rob--W]

What stops you from using npm ci to get the exact dependencies as specified in the package-lock.json file?

[vitaly-zdanevich]

In Gentoo, using system package manager (Portage), on install - we cannot execute network calls. Quote from the link:

You cannot have npm access the network. Portage blocks all networking during building (this starts after src_unpack finishes). So far, no one has found a good way to package nodejs items that I have ever seen. All sources (as of today) must be downloaded and ready by the end of src_unpack ready to be built and installed by other phases.

[Rob--W]

You can run npm ci yourself on some other system to have the dependencies bundled, and then pass that archive to your package manager.

[vitaly-zdanevich]

Yes, but I think better to have dependencies on your official account, not in my repo.

[Rob--W]

We are not going to publish a package with dependencies included. package-lock.json serves that purpose.

In theory, one of the dependencies could have platform-specific code built at install time. If that is the case (even if not now, potentially in the future), then we would have to distribute packages for multiple targets. That is a maintenance burden that we are not willing to take on.

[vitaly-zdanevich]

Sad, but you could use GitHub Releases page to provide an archive with dependencies :(

Its only a few lines in CI.

...or I will host dependencies in my repo :(

[vitaly-zdanevich]

We are not going to publish a package with dependencies included

Maybe in Releases you could produce a separate archive only with dependencies? I think it should only one or two lines in your CI.