Open RFC Meeting (npm)

#### Meeting from: April 14th, 2021 # Open RFC Meeting (npm) ### Attendees - Darcy Clarke (@darcyclarke) - Ruy Adorno (@ruyadorno) - Gar (@wraithgar) - Daniel Park (@gimli01) - Wes Todd (@wesleytodd) - Isaac Z. Schlueter (@isaacs) - Jordan Harband (@ljharb) - Rebecca Turner (@iarna) ### Agenda 1. **Housekeeping** 1. Introduction(s) 1. [Code of Conduct Acknowledgement](https://www.npmjs.com/policies/conduct) 1. Outline Intentions & Desired Outcomes 1. Announcements 1. **Consider accepting...** 1. [x] **PR**: [#129 RFC: overrides](https://github.com/npm/rfcs/pull/129) - @isaacs 1. [x] **PR**: [#314 RFC: `registry:` dependency specifiers](https://github.com/npm/rfcs/pull/314) - @isaacs 3. [ ] **PR**: [#117 RFC: npm workspaces - Working with workspaces](https://github.com/npm/rfcs/pull/117) - @ruyadorno 1. **PR**: [#356 rfc: npm audit fix provides overrides](https://github.com/npm/rfcs/pull/356) - @iarna 1. **Issue**: [#347 [RRFC] Add `type` to `npm init`](https://github.com/npm/rfcs/issues/347) - @MylesBorins 1. **PR**: [#343 RFC: npm workspaces: auto switch context based on cwd](https://github.com/npm/rfcs/pull/343) - @ruyadorno 1. **PR**: [#339 rfc for improving command suggestions](https://github.com/npm/rfcs/pull/339) - @nlf 1. **PR**: [#336 RFC for `where` config parameter](https://github.com/npm/rfcs/pull/336) - @nlf 1. **PR**: [#314 RFC: `registry:` dependency specifiers](https://github.com/npm/rfcs/pull/314) - @isaacs 1. **PR**: [#182 RFC: npm audit licenses](https://github.com/npm/rfcs/pull/182) - @bnb 1. **Issue**: [#156 [RRFC] Optional install](https://github.com/npm/rfcs/issues/156) - @gotbahn 1. **PR**: [#117 RFC: npm workspaces - Working with workspaces](https://github.com/npm/rfcs/pull/117) - @ruyadorno ### Notes #### **Consider accepting...** 1. [x] **PR**: [#129 RFC: overrides](https://github.com/npm/rfcs/pull/129) - @isaacs 1. [x] **PR**: [#314 RFC: `registry:` dependency specifiers](https://github.com/npm/rfcs/pull/314) - @isaacs - [ ] **Action:** @isaacs to add a line/note on the fact that the `registry:` protocol will cascade that config to downstream fetching of deps 3. [ ] **PR**: [#117 RFC: npm workspaces - Working with workspaces](https://github.com/npm/rfcs/pull/117) - @ruyadorno - [ ] **Action:** @ruyadorno + @darcyclarke to comb through current state of terminology - Leave open until next weeks call #### **Issue**: [#156 [RRFC] Optional install](https://github.com/npm/rfcs/issues/156) - @gotbahn - [ ] Discuss next week #### **PR**: [#356 rfc: npm audit fix provides overrides](https://github.com/npm/rfcs/pull/356) - @iarna - @wesleytodd There are a few open questions in the original overrides RFC - @isaacs There a few comments but overrall it seems ready to be ratified - @isaacs asking about the end-user experience; ie. what happens with `npm audit fix`? Does - @ljharb we should document that `npm` will look for an updated version of the dependency before applying patches versions to overrides - [ ] **Action**: @isaacs to review RFC once more before committing to bulk advisory API addition/change (tentatively: this looks fine, probably no changes) - @wesleytodd wondering how these overrides/patches eventually go away &/or if the API/registry can make these go away - **Note:** the expectation is that this = is not a public registry feature/offering - @iarna what happens in the fresh install #### **Issue**: [#347 [RRFC] Add `type` to `npm init`](https://github.com/npm/rfcs/issues/347) - @MylesBorins - [ ] **Action:** @darcyclarke removing agenda label & going to provide feedback/notes from last meeting back to issue to capture circle back - **Note**: we are not expecting to add to the basic `npm init` template at this time #### **PR**: [#343 RFC: npm workspaces: auto switch context based on cwd](https://github.com/npm/rfcs/pull/343) - @ruyadorno #### **PR**: [#339 rfc for improving command suggestions](https://github.com/npm/rfcs/pull/339) - @nlf - [ ] **Action:** @darcyclarke Accept/ratify & move to "implemented" #### **PR**: [#336 RFC for `where` config parameter](https://github.com/npm/rfcs/pull/336) - @nlf - Leaving open for next week #### **PR**: [#182 RFC: npm audit licenses](https://github.com/npm/rfcs/pull/182) - @bnb - @bnb made a POC already, would need to update though to be closer to this spec - @bnb is waiting on direction/support - @isaacs we've wanted to pull in licensee for awhike, might be time to look at `npm audit` - @ljharb if weuse licensee or not, we should have all of its features #### **PR**: [#117 RFC: npm workspaces - Working with workspaces](https://github.com/npm/rfcs/pull/117) - @ruyadorno - [ ] @ruyadorno review to make sure this describes what the implementation landed on/is landing on