guix-devel

Re: npm (mitigation)


From: Mike Gerwitz
Subject: Re: npm (mitigation)
Date: Fri, 14 Jul 2017 23:34:51 -0400
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux)

On Fri, Jul 14, 2017 at 13:57:30 +0200, Jelle Licht wrote:
> Regardless, the biggest issue that remains is still that npm-land is mired
> in cyclical dependencies and a fun-but-not-actually unique dependency
> resolving scheme.

I still think the largest issue is trying to determine if a given
package and its entire [cyclic cluster] subgraph is Free.  That's a lot
of manual verification to be had (to verify any automated
checks).  npm's package.json does include a `license' field, but that is
metadata with no legal significance, and afaik _defaults_ to "MIT"
(implying Expat), even if there's actually no license information in the
repository.

-- 
Mike Gerwitz
Free Software Hacker+Activist | GNU Maintainer & Volunteer
GPG: D6E9 B930 028A 6C38 F43B  2388 FEF6 3574 5E6F 6D05
https://mikegerwitz.com

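Added example (not part of Mike's message, and not Guix or npm code): a cycle-safe walk over an npm dependency closure that collects what each package.json declares in its `license` (or deprecated `licenses`) field, reports manifests that declare nothing instead of substituting a default, and flags the values npm documents as pointers rather than identifiers ("UNLICENSED", "SEE LICENSE IN <file>"). The manifests below are constructed for the example; on a real tree the Map would be built from the package.json files under node_modules. What comes out is a list of claims to verify by hand against the actual licence texts, which is the manual step the message refers to.

```javascript
// Added example: audit the *declared* licences of an npm dependency closure
// that contains cycles. Every manifest here is constructed for illustration;
// none of these package names refers to a real registry package.
const registry = new Map([
  ["app", { name: "app", version: "1.0.0", license: "GPL-3.0-or-later",
            dependencies: { left: "^1.0.0", right: "^2.0.0" } }],
  // `left` and `right` depend on each other: the walk must not loop forever.
  ["left", { name: "left", version: "1.2.0", license: "MIT",
             dependencies: { right: "^2.0.0", util: "^0.1.0" } }],
  ["right", { name: "right", version: "2.0.1",
              // deprecated object form still found in older packages
              license: { type: "BSD-2-Clause", url: "https://example.invalid/LICENSE" },
              dependencies: { left: "^1.0.0", legacy: "0.0.9" } }],
  // no license field at all: report it, do not assume a default
  ["util", { name: "util", version: "0.1.0",
             dependencies: { vendored: "1.0.0" } }],
  // deprecated plural array form; `ghost` is deliberately absent from the registry
  ["legacy", { name: "legacy", version: "0.0.9",
               licenses: [{ type: "Apache-2.0" }, { type: "MIT" }],
               dependencies: { ghost: "*" } }],
  // npm's documented way of pointing at a file instead of naming a licence
  ["vendored", { name: "vendored", version: "1.0.0",
                 license: "SEE LICENSE IN LICENSE.txt" }],
]);

// Normalise the historical shapes of npm licence metadata into one string,
// or null when the manifest declares nothing at all.
function declaredLicense(manifest) {
  const { license, licenses } = manifest;
  if (typeof license === "string" && license.trim()) return license.trim();
  if (license && typeof license === "object" && typeof license.type === "string") {
    return license.type;
  }
  if (Array.isArray(licenses) && licenses.length > 0) {
    return licenses.map((l) => (l && typeof l.type === "string" ? l.type : "?"))
                   .join(" OR ");
  }
  return null;
}

// Declared values that are not licence identifiers and need a human to read
// the referenced file (or to notice the package is proprietary).
function needsManualReview(lic) {
  return lic === "UNLICENSED" || lic.startsWith("SEE LICENSE IN ");
}

// Depth-first walk of the closure rooted at `root`. A visited set makes the
// cyclic `left` <-> `right` edge harmless and also de-duplicates shared deps.
function auditLicenses(root, registry) {
  const report = { declared: {}, missing: [], review: [], unresolved: [] };
  const seen = new Set();
  const stack = [root];
  while (stack.length > 0) {
    const name = stack.pop();
    if (seen.has(name)) continue;
    seen.add(name);
    const manifest = registry.get(name);
    if (!manifest) {
      report.unresolved.push(name);        // named but not installed/known
      continue;
    }
    const lic = declaredLicense(manifest);
    if (lic === null) {
      report.missing.push(name);
    } else {
      report.declared[name] = lic;
      if (needsManualReview(lic)) report.review.push(name);
    }
    for (const dep of Object.keys(manifest.dependencies || {})) stack.push(dep);
  }
  for (const key of ["missing", "review", "unresolved"]) report[key].sort();
  return report;
}

// Usage on the constructed graph.
console.log(JSON.stringify(auditLicenses("app", registry), null, 2));
```

The output is only a starting point: the `declared` map records assertions made by each manifest's author, so each entry still has to be checked against the licence text actually shipped in the tarball, and the `missing`, `review` and `unresolved` lists are the packages for which no automated conclusion is possible at all.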

