Re: GSoC NPM

[Jelle Licht]

Hi Jan,

Thanks for your interest and work. I am currently quite occupied with getting ready
for my next year of studies, so I will only shortly address your points;

The short of it is that the dist tarball does not always contain the actual source code.
Examples of this include generated code, minified code etc.

The devDependencies are, in these cases, the things we need to be able to actually

build the package. Examples of this include gulp, grunt, and several testing frameworks.

For simple packages, the difference between a npm tarball and a GH tarball/repo are
non-existent. I made the choice to skip the npm tarball because I'd rather err on the

side of caution, and not let people download and run these non-source

packages by accident ;-).

I will have more time to see this through next week.

- Jelle

2016-09-02 16:24 GMT+02:00 Jan Nieuwenhuizen <address@hidden>:

Jelle Licht writes:

Hi Jelle!

> - The ability to parse npm version data
> - An npm backend for ~guix import~
> - Npm modules in guix
> - An actual build system for npm packages

That's amazing.  I played with it today and noticed that it always
downloads devDependencies.  Why is that...I disabled that because
I think I don't need those?

Also, I found that you prefer going through the repository/github
instead of using the dist tarball.  Why is that?  Some packages do not
have a repository field, such as `http'.  I changed that to prefer using
the dist tarball and use repository as fallback.  You probably want to
change that order?

I made some other small changes, see attached patch, to be able to
download all packages that I need, notably: cjson, http and xmldom.

Thanks again for your amazing work, hoping to have this in master soon.

Greetings,
Jan



--
Jan Nieuwenhuizen <address@hidden> | GNU LilyPond http://lilypond.org
Freelance IT http://JoyofSource.com | Avatar®  http://AvatarAcademy.nl