owned this note changed 5 years ago
Published Linked with GitHub

Meeting from: July 15th, 2020

Open RFC Meeting (npm)

Attendees

  • Darcy Clarke (@darcyclarke)
  • Ruy Adorno (@ruyadorno)
  • Orta Therox (@orta)
  • Isaac Z. Schlueter (@isaacs)
  • Claudia Hernández (@claudiahdz)
  • Myles Borins (@MylesBorins)
  • Jordan Harband (@ljharb)

Agenda

  1. Housekeeping
    1. Introduction(s)
    2. Code of Conduct Acknowledgement
    3. Outline Intentions & Desired Outcomes
    4. Announcements
  2. Issue: #160 [Poll] Preference on how to filter workspaces
  3. PR: #150 RFC: Add file+pack dependency protocol
  4. PR: #129 RFC: overrides
  5. PR: #96 RFC: Add publish confirmation prompt
  6. PR: #126 RFC: Adding types information to the Package JSON in the registry
  7. PR: #165 RFC: Parent package.json
  8. PR: #114 RFC: Expand list of ignored files

Notes

Preference on how to filter workspaces

  • Using a named argument like npm --workspace=foo test translates to adding a new config value and aliasing it to -ws would be easy
  • Adding npm workspace as a new command is also trivially easy
  • The third option doing npm :foo test means adding a new setting config and is potentially costly to implement. Isaac suggest staying away from it
  • Isaac leans towards keeping this as a config value
  • Poll will stay open for another week

Add file+pack dependency protocol

  • How do we differentiate between wanting a local dep being symlinked or packed/unpacked?
  • We can do it at a project level were all files are symlinked or all are packed and in this scenario this could be handled with a config value
  • If it has to be per dependency, using a protocol might be better
  • Making it a config value makes implementation easier, few changes on CLI and Arborist
  • Next actions: change RFC from protocol to config flag

overrides

  • We'll stick with . syntax instead of @ sign
  • Will land after 7.0

Add publish confirmation prompt

  • +1 ratified
  • queue up for 7.0?
    • it's opt-in, so not semver-major
    • isaacs: pushing back on anything in 7.0.0, could we do 7.x?

Adding types information to the Package JSON in the registry

  • "waiting on npm to do the work" situation
  • next steps: add feedback on rfc, ratify and implementation

Parent package.json

  • Allows a package.json to extend a parent package.json to share dependencies and more between multiple packages
  • Hard to implement, target to a lot of problems
  • The RFC will stand a bit longer to give people chance to take a look at it

Expand list of ignored files

  • We should include files that could leak secrets (ex. .env)
  • Add a prompt confirmation before publish that shows you files that you don't want on your package (might need a different RFC)
  • Tierney suggests taking a close look at what Node currently ignores: https://github.com/github/gitignore/blob/master/Node.gitignore
  • Ruy to create a different RFC
Select a repo