Closed vitaly-zdanevich closed 5 months ago
What stops you from using npm ci
to get the exact dependencies as specified in the package-lock.json file?
In Gentoo, using system package manager (Portage), on install - we cannot execute network calls. Quote from the link:
You cannot have npm access the network. Portage blocks all networking during building (this starts after src_unpack finishes). So far, no one has found a good way to package nodejs items that I have ever seen. All sources (as of today) must be downloaded and ready by the end of src_unpack ready to be built and installed by other phases.
You can run npm ci
yourself on some other system to have the dependencies bundled, and then pass that archive to your package manager.
Yes, but I think better to have dependencies on your official account, not in my repo.
We are not going to publish a package with dependencies included. package-lock.json
serves that purpose.
In theory, one of the dependencies could have platform-specific code built at install time. If that is the case (even if not now, potentially in the future), then we would have to distribute packages for multiple targets. That is a maintenance burden that we are not willing to take on.
Sad, but you could use GitHub Releases page to provide an archive with dependencies :(
Its only a few lines in CI.
...or I will host dependencies in my repo :(
We are not going to publish a package with dependencies included
Maybe in Releases you could produce a separate archive only with dependencies? I think it should only one or two lines in your CI.
Hi, I am trying to create an ebuild for Gentoo - and the official way of handling npm dependencies - to have some tar.gz with all of them... See here for the context https://forums.gentoo.org/viewtopic-p-8818833.html#8818833