Open RFC Meeting (npm)

#### Meeting from: September 15th, 2021 # Open RFC Meeting (npm) ### Attendees - Darcy Clarke (@darcyclarke) - Nathan Fritz (@fritzy) - Vincent Bailly (@vincentbailly) - Isaac Z. Schlueter (@isaacs) - Luke Karrys (@lukekarrys) - Jordan Harband (@ljharb) - Gar (@wraithgar) - Jonathan Cremer (@) - Tierney Cyren (@bnb) ### Previously... - [2021-09-08](https://github.com/npm/rfcs/blob/latest/meetings/2021-09-08.md) ### Agenda 1. **Housekeeping** 1. Introduction(s) 1. [Code of Conduct Acknowledgement](https://www.npmjs.com/policies/conduct) 1. Outline Intentions & Desired Outcomes 1. Announcements 1. **Issue**: [#454 📊 Poll: new name for the proposed reification strategy (RFC #436)](https://github.com/npm/rfcs/issues/454) - @darcyclarke 1. **PR**: [#436 New Reification Mode](https://github.com/npm/rfcs/pull/436) - @vincentbailly 1. **Issue**: [#445 [RRFC] Breaking changes for `npm@8`](https://github.com/npm/rfcs/issues/445) - @nlf 1. **PR**: [#437 RFC: Robust Lifecycle Scripts](https://github.com/npm/rfcs/pull/437) - @fritzy 1. **PR**: [#422 RFC: audit assertions](https://github.com/npm/rfcs/pull/422) - @bnb ### Notes #### **Issue**: [#454 📊 Poll: new name for the proposed reification strategy (RFC #436)](https://github.com/npm/rfcs/issues/454) - @darcyclarke - @issacs - it makes sense to name this after the intended result/purpose of the strategy (ie. isolate dependencies from eachother) - **Action:** - @darcyclarke to close poll issue - @vincentbailly to update RFC to reflect "isolated" mode nomenclature #### **PR**: [#436 New Reification Mode](https://github.com/npm/rfcs/pull/436) - @vincentbailly - @vincentbailly - made updates to RFC based on interop between the default strategy & "isolated" mode - can you interop? - you can set this w/ configuration & update/change between the modes (ex. force this or have the developer choose) - junctions or symlinks? - junctions - @ljharb - we should not create a situation where we are disadvantaging packages or creating more of a support burdan for maintainers - we shouldn't be warning people for things that arent actionable for them (ie. end-users/consumers) - ex. a third-party package can currently be relying on the non-isolated mode reification which I can't fix - @isaacs - believe its more likely that, based on the popularity of `pnpm` & `yarn` that we need to eventually support a mode like this - believe these is value in a super strict reification mode - @ljharb - believe that `pnpm` & `yarn`+`pnp` are hiding the # of breakages in the ecosystem by asking for maintainers to change & hack support - @jonathancreamer - a strict package manager mode has help find issues/errors within my dep graph - you can resolve some of these issues - @vincentbailly - your dependencies can still access other deps that they haven't declared if they are top-level/root-level declared deps - @ljharb - so I can tell someone who comes to me & says "I tried isolated mode & eslint broke because of your plugin, what should I do?" I can tell them to "add the plugin as a primary dep & that should resolve your problems"? & - does `pnpm` have a similar strategy/capability baked-in? - @vincentbailly - yes - @isaacs - this RFC is not specific to workspaces but is much more powerful in workspace projects - @isaacs - `root -> workspace(foo) -> bar` does this get linked? - @vincentbailly - we can decide, no strong opinion - @ljharb - we should keep in mind the concept of "isolated for me & not for you" #### **Issue**: [#445 [RRFC] Breaking changes for `npm@8`](https://github.com/npm/rfcs/issues/445) - @nlf - @wraithgar - changes include: - no more programmatic API - no more support for node 10 - **Actions:** - [ ] @wraithgar determine which version of node is appropriate to jump to #### **PR**: [#437 RFC: Robust Lifecycle Scripts](https://github.com/npm/rfcs/pull/437) - @fritzy - @fritzy no update yet #### **PR**: [#422 RFC: audit assertions](https://github.com/npm/rfcs/pull/422) - @bnb - @bnb no update - requires some clear next steps