-
-
Notifications
You must be signed in to change notification settings - Fork 34
Support npm tags in general #61
Comments
I come back to this idea again... instead of manually downloading files, why not wrap the npm binary (or use their api?). Files get downloaded to Basically, what you've done is rewrite |
This implementation is only 905 lines, it's hardly rewriting npm, and the API is really simple. |
I strongly agree with @lookfirst's idea of wrapping npm. My team constantly comes across edge cases that just don't work the same as npm itself. Things like this bug, package.json's In addition to this, you also wouldn't be required to run We've had quite a bit of pushback moving to jspm on our team because of all the necessary npm+github configuration only to be met with edge case limitations that don't exist with Browserify. |
@zcregan 👍 It isn't a comparison about lines of code as that is a silly metric in this case. Re-implementing the mechanism for downloading npm pacakges is just plain wrong. I just had a friend try to use jspm, the first thing he ran into was the Github api limits. He was so confused as to why all the sudden there was a mess of errors. The error handling in that case is also whacky. |
There's an issue at #58 to move the reading of auth to happen directly from the local npmrc file on startup. With that, it won't be necessary to run Similarly we've just added support for the Yes I know the error messages are bad - we need to be able to distinguish between network and other errors. I've created jspm/jspm-cli#718 to track this. |
@guybedford I'm still pretty convinced that the more correct solution would be to use npm directly. Would you be open to starting a discussion on the idea? |
@zcregan my apologies but this is not something I'm willing to discuss at length. A short summary - jspm handles version resolutions. npm will also try to handle version resolutions but downloading duplicated dependencies into hierarchical node_modules folders. Downloading packages from npm is as simple as downloading a tarball, which jspm implements very simply here. Most of the code in this project is actually converting the JS files from npm into something SystemJS can understand. Calling out to npm to install means that npm would be installing version resolutions into |
Ideally you would extract all that code that does the munging away from the download process. Right now the chain of promises is intertwined with the chain of downloading and it makes the code extremely hard to follow, test and re-use. The way around getting the nested dependencies is to first flatten the tree that you ask npm to download and to let npm do the version resolution for you (using npm/npm-remote-ls). I'm not really sure how you pick which dependencies of projects to leave out, but downloading a couple extra files isn't going to kill anyone, especially since npm handles all the caching for you anyway. Anyway, the problems you've noted actually have good solutions. I've proven this technique with my little honk experiment. It was amazingly fast to install a bunch of stuff. |
If you're looking to follow the code, the download implementation is just https://github.com/jspm/npm/blob/master/npm.js#L393 and the cached lookup is https://github.com/jspm/npm/blob/master/npm.js#L229. All the rest is the conversion. The issue of duplicate downloads specifically comes up when dealing with multi-version. |
JSPM does not support version aliases, which is what npm's dist tags are effectively. @guybedford is skeptical about the usefulness/necessity of aliases, so not planning to support dist tags for now. |
npm tags are extremely useful for development. Especially when used with And to be frank, it really shouldn't matter whether you're "skeptical about the usefulness/necessity" of any npm features. The goal should be for as close to 100% npm package compatibility as reasonably possible. Another example of things just not working in jspm: npm is aware of and committed to fixing it's problems with front-end package management (http://blog.npmjs.org/post/101775448305/npm-and-front-end-packaging). They're doing quite a bit of work to address many of the concerns that jspm solves (https://github.com/npm/npm/wiki/Roadmap) in particular, dependency flattening/deduping. Currently, jspm just completely bypasses all of this work. @guybedford you said that the benefits of piggy-backing on npm are not clear. The benefits are simply that jspm would have vastly improved npm compatibility. Again, I'll list a number of very useful and widely used npm features that jspm doesn't support:
As far as how you would go about implementing such a thing. I would |
@zcregan thanks for describing a great use case example of how this feature is useful. Reopening to implement. In terms of the other features you mention, scoped modules and private modules are supported on master now as well as the .npmrc configuration use directly. Working to get the release out as soon as possible. Git commit referencing is something we can certainly consider in due course as well. Thanks for your patience - completely agree parity is the goal as far as is possible, it just takes work to get to that point. |
👍 |
all my 👍 👍 for wrapping npm so that scoped modules can work and the scope configuration (private npm registry) from ~/.npmrc is used. |
Both of these features are in the coming release. |
Is there an update on this? I see there was a new release 0.25.0, but I can't find releasenotes. |
I just ran into this while trying to install |
This was supported thanks to the PR by @adamburgess. |
See jspm/jspm-cli#704.
Basically we need to be reading all the tags in
dist-tags
and adding them to the versions lookup object.The text was updated successfully, but these errors were encountered: