#### Meeting from: August 19th, 2020
# Open RFC Meeting (npm)
### Attendees
- Ruy Adorno (@ruyadorno)
- Isaac Z. Schlueter (@isaacs)
- Christian Siebmanns (@christian24)
- Jordan Harband (@ljharb)
- Myles Borins (@MylesBorins)
- Lukas Spieß (@lumaxis)
- Wes Todd (@wesleytodd)
- Tierney Cyren (@bnb)
### Agenda
1. **Housekeeping**
1. Introduction(s)
1. Code of Conduct Acknowledgement
1. Outline Intentions & Desired Outcomes
1. Announcements
1. **PR**: [#129 RFC: overrides](https://github.com/npm/rfcs/pull/129) - @isaacs
1. **PR**: [#126 RFC: Adding types information to the Package JSON in the registry](https://github.com/npm/rfcs/pull/126) - @orta
1. **PR**: [#1674 Rfc 0027 npm audit app id](https://github.com/npm/cli/pull/1674) - @doddi
1. **PR**: [#1586 [Feature] Security Pipeline](https://github.com/npm/cli/pull/1586) - @jskoll
1. **Issue**: [#190 [RRFC] npm run-series && npm run-parallel](https://github.com/npm/rfcs/issues/190) - @MylesBorins
1. **PR**: [#185 RFC: Add ability to skip script hooks](https://github.com/npm/rfcs/pull/185) - @lumaxis
1. **PR**: [#183 RFC21: bring back subset of npm_package_* environs](https://github.com/npm/rfcs/pull/183) - @isaacs
1. **PR**: [#182 RFC: npm audit licenses](https://github.com/npm/rfcs/pull/182) - @bnb
1. **PR**: [#165 RFC for parent package.json](https://github.com/npm/rfcs/pull/165) - @Christian24
### Notes
- overrides
- wes: inheriting overrides from an external source?
- isaacs: will be implied by RFC #165 parent package.json
- types: not much updates, been heads-down on v7
- appid
- mark: doing audits tailored to each individual application
- wes: would be nice to use for other general project/packge linting stuff
- discussion of new audit bulk advisory endpoint vs quickaudit endpoint, scaling and perf
- isaacs: not great to use audit to do project linting, but project linting is a good thing
- send appid (or something) in header rather than POST request body
- security pipeline
- let's do this in v7, latest is known legacy outdated
- run-series, run-parallel
- punt, covered in last meeting
- issues brought up, still pending discussion, but urgent.
- move to remove from agenda until practical/speicfici to discuss
- concerns about scope, series cleaner than parallel, one point about whether we want to make it more complicated at all
- maybe drop parallel and just add series to have a platform-agnostic alternative to `&&`
- add ability to skip script-hooks
- isaacs: we should do this
- isaacs: move to accepted today
- bring back subset of npm_package_* environs
- isaacs: not everything is being included anymore, but most are
- isaacs: a custom node script can be used if you need everything
- npm audit licenses
- tierney: could use more feedback to help figure out next steps (written please)
- discussion about the licensee project and how it can potentially be used
- parent package.json
- does not require first-class support from node
- imports/exports not inherited (probably?)
Sign in with Wallet
Connect another wallet