No longer installable via NPM

[mvberg]

Since @barchart/instruments-client-js went private

https://gist.github.com/mvberg/0d40b31bc643f3d7d115384cba42af33#file-npm4040-log-L1

preferable way to fix would be to use "git+ssh://git@github.com/..." paths (so we do not have to npm login)

@bryaningl3

@facetrollex @nikitakonan

[bryaningl3]

You’re faced with one of two options: 1. Use “npm login” ... I sent an email about this a few months ago. After you login, a token file is created (see previous email), so that you don’t need to login again. This token file can be transferred to other machines. For example, my ElasticBeanstalk deployments go get a read-only NPM login token from S3. 2. Or, you do essentially the same thing, by referencing a git URI, and including SSH certificates on your computer (or in your deployments). In other words, either way you have a token/certificate/file you need to manage. In light of this, I think it makes most sense to run everything through NPM (for consistency), as opposed to some direct NPM references and some GIT references.

…

-B

Sent from my iPhone

On Oct 8, 2018, at 8:52 PM, Mike Ehrenberg ***@***.***> wrote: Since @barchart/instruments-client-js went private https://gist.github.com/mvberg/0d40b31bc643f3d7d115384cba42af33#file-npm4040-log-L1 preferable way to fix would be to use ***@***.***/..." paths (so we do not have to npm login) @bryaningl3 — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or mute the thread.

[mvberg]

i'm just going to override (or provide) your dependency via SSH in my app.

not worth having my team of 5 devs (and growing!) now have to login in to NPM - just a another way to increase friction.

thanks for the response.

[bryaningl3]

I disagree. Up to you though.

…

Sent from my iPhone

On Oct 9, 2018, at 10:08 AM, Mike Ehrenberg ***@***.***> wrote: Closed #1. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or mute the thread.

[mvberg]

can you elaborate on why you disagree?

are you saying that sharing a master password or "root account" via npm login across all teams (including contractors, etc) is good practice? or are you suggesting that one should share a SSH key with other developers who need to install a simple client library?

To my knowledge Barchart does not have a "npm organization" account ($7 per user, etc).

Additionally, not sure what we are trying to solve (or prevent) with "private" client side packages .... inevitably the JS code is deployed to the world anyway.

[bryaningl3]

Will respond in separate email. Standby.

…

-B

Sent from my iPhone

On Oct 9, 2018, at 6:01 PM, Mike Ehrenberg ***@***.***> wrote: can you elaborate on why you disagree? are you saying that sharing a master password or "root account" via npm login across all teams (including contractors, etc) is good practice? or are you suggesting that one should share a SSH key with other developers who need to install a simple client library? To my knowledge Barchart does not have a "npm organization" account ($7 per user, etc). Additionally, not sure what we are trying to solve (or prevent) with "private" client side packages .... inevitably the JS code is deployed to the world anyway. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or mute the thread.