-
Notifications
You must be signed in to change notification settings - Fork 330
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[PROPOSAL] remove node_modules from ILIAS repository. #5128
[PROPOSAL] remove node_modules from ILIAS repository. #5128
Conversation
P.S. I adjusted the documentation of the repository in |
Jour Fixe, 17 OCT 2022: We see several advantages of this PR but need to discuss with the BB if we can go this way and introduce another dependency (npm) that are a problem for some installations. One option would be to offer ready builts additionally. |
Please have a really good look on the security side of this issue. NPM is not the yellow from the egg when it comes to security. Adding See: |
Thx @PurHur for drawing this to our attention. I updated the installation docs of the repository accordingly. |
Thanks again @thibsy for taking the initiative for this! The Technical Board discussed your proposal at our meeting and we agree with the direction this takes. As this has the potential to complicate the installation and maintenance of ILIAS, we will need a little bit more time though, to come up with a good plan on how to provide a updates and installations in the future and how to communicate it well. |
Hi @thibsy |
1cf45f1
to
543c72b
Compare
Hi @kergomard This should be good to go now. Thx a lot! Kind regards |
Thank you very much @thibsy ! |
Hi folks,
In reaction upon @klees comment in #5114 I thought why not just remove the node_modules from the repository?
Reason alone could be my computer nearly crashing due to the huge diff of this PR alone. Same goes for the PR I just referenced above, which makes it really hard to figure out what the PR actually adds to the codebase.
It's also kind of inconsistent to include node_modules in the repository whereas the composer dependencies will have to be installed manually.
I believe I don't have to tell you about why this is a good thing :). If you strongly disagree of this though, please let me know.
Kind regards!