#### Meeting from: January 26th, 2022 # Open RFC Meeting (npm) ### Attendees - Darcy Clarke (@darcyclarke) - Ruy Adorno (@ruyadorno) - Nathan Fritz (@fritzy) - Owen Buckley (@thescientist13) ### Previously... - [2022-01-19](https://github.com/npm/rfcs/blob/main/meetings/2022-01-19.md) ### Agenda 1. **Housekeeping** 1. Introduction(s) 1. [Code of Conduct Acknowledgement](https://www.npmjs.com/policies/conduct) 1. Outline Intentions & Desired Outcomes 1. Announcements - OpenJS World 2022 - https://events.linuxfoundation.org/openjs-world/ - CFP: https://events.linuxfoundation.org/openjs-world/program/cfp/ 1. **PR**: [#516 RFC: Deprecated packages UX revamp](https://github.com/npm/rfcs/pull/516) - @ruyadorno - @ruyadorno - last step in cleaning up `npm install` output - this has been outstanding for quite a while - deprecation warnings can be consolidated (making them less scary) - suggest bubbling up this information in a different command like `npm ls`, `npm explain` or `npm outdated` - suggest scoping this under a command `npm deprecations` but not super attached to this - @fritzy - immediate thought, don't think we need a dedicated command or global flag - when something is installed global, we probably don't care about dev dependency - @darcyclarke - instead of removing the log messages, maybe just change the level of logging to something that would not be printed during a standard install - also add visual feedback to `npm outdated` - not sure about adding info to `npm explain`, if we were to do that we should pb augment explain output to add audit info, etc - @lukekarrys - maybe keep direct dependencies as warning logs during install? - security audits, deprecations and outdated seem to be very similar, what if there's a command that can surface all this info? - @darcyclarke - if we were to keep warning for direct dependencies why would we not have log warnings for audit reports for direct deps? - @ruyadorno - idea is to have a unified notifications system at the end instead - @darcyclarke - `npm ls` can also be a bit of a scope creep in the context of this RFC since you could also argue it can also be augmented to include audit issues and more - @ruyadorno - let's maybe reduce the scope to only notifications and a command to surface the deprecation messages - @darcyclarke - the command `npm deprecations`? just returns direct dependencies by default and accepts `--all` flag in order to show deprecations for transitive deps 3. **PR**: [#4260 feat(arborist)(reify): add an ability to add a hook](https://github.com/npm/cli/pull/4260) - @fritzy - @darcyclarke - During the npm7 rewrite the hooks feature was dropped - Maybe that wasn't as well publicized like other breaking changes such as peer dependencies - There's a current RFC to add new lifecycle events for arborist / npm installs 5. **Issue**: [#511 [RRFC] remove `npm-shrinkwrap.json` from the list of unignorable files](https://github.com/npm/rfcs/issues/511) - @ljharb - Update: need to action on the items from last week 6. **PR**: [#4227 Change the default save-prefix from ^ to none](https://github.com/npm/cli/pull/4227) - @zkldi - Update: need to action on the items from last week 7. **PR**: [#343 RFC: npm workspaces: auto switch context based on cwd](https://github.com/npm/rfcs/pull/343) - @ruyadorno - @ruyadorno - big gap between our current implementation & the way end-user's are expecting this feature to work - running a command within a directory that is apart of a workspace should be easier - we'll now walk up the require tree & determine if you're inside a workspace or not - @fritzy - PR that is open checks for if a workspace is defined at the root of the project - there's a way to opt-out from the behavior using `--no-workspaces`