Skip to content
This repository has been archived by the owner on Nov 21, 2023. It is now read-only.

caxa 2.0.0 postinstall never run properly #26

Closed
SOVLOOKUP opened this issue Jun 5, 2021 · 13 comments
Closed

caxa 2.0.0 postinstall never run properly #26

SOVLOOKUP opened this issue Jun 5, 2021 · 13 comments

Comments

@SOVLOOKUP
Copy link

postinstall never run: https://github.com/leafac/caxa/releases/download/v${package.version}/${stubName}
Does this repo have any release? and... for some reasons, github cannot be connected in some times in china.
@leafac
Copy link
Owner

leafac commented Jun 5, 2021

Thanks for the report. Can you help me reproduce the problem?

  1. What errors happened?
  2. What version of Node.js are you using?
  3. What version of npm are you using?
  4. What happens if you try to run the postinstall.js script by hand?

This repository does have releases, for example, https://github.com/leafac/caxa/releases/tag/v2.0.0

There are other packages that also depend on downloading stuff from GitHub on postinstall, for example, https://github.com/JoshuaWise/better-sqlite3. Do you know what is the general solution for these packages to work in China?

@pdcastro
Copy link

pdcastro commented Jun 7, 2021

If it helps, I am aware that npm scripts including postinstall will be skipped if the npm install command is executed under the root user account, unless the --unsafe-perm option is used. If this is the case, a workaround would be:

$ whoami
root
$ npm install --save-dev --unsafe-perm caxa

@SOVLOOKUP
Copy link
Author

Thanks for the report. Can you help me reproduce the problem?

  1. What errors happened?
  2. What version of Node.js are you using?
  3. What version of npm are you using?
  4. What happens if you try to run the postinstall.js script by hand?

This repository does have releases, for example, https://github.com/leafac/caxa/releases/tag/v2.0.0

There are other packages that also depend on downloading stuff from GitHub on postinstall, for example, https://github.com/JoshuaWise/better-sqlite3. Do you know what is the general solution for these packages to work in China?

#28 This PR can make postinstall use CDN automatically when the network is not smooth.

The CDN from: https://doc.fastgit.org/en-gb/guide.html#download-releases-or-source-code-archives

@leafac
Copy link
Owner

leafac commented Jun 12, 2021

If it helps, I am aware that npm scripts including postinstall will be skipped if the npm install command is executed under the root user account, unless the --unsafe-perm option is used. If this is the case, a workaround would be:

$ whoami
root
$ npm install --save-dev --unsafe-perm caxa

Ohh, that’s very bad. I’m inclined to just put the stubs in the npm package. It’s only ~20MB anyway, and only developers would have to download them (not the users of the binaries produced by caxa).

@maxb2, @pdcastro, @fcastilloec: Thoughts?

@fcastilloec
Copy link

I'm ok with having caxa including all stubs. I know people don't like the excess of storage, but nowadays, most npm packages are pretty big. Also, caxa will always be a developer dependency unless you're actually developing caxa, in which case you won't install it through npm anyway. Besides, any size increase in caxa will never be reflected in your final project.
Changing the Github Action to include all stubs is a straightforward change, nothing complicated.

Last, if people in China sometimes have problems downloading from GitHub, what are the chances that they will also have problems downloading from npm? Because if the problem exists on both platforms, moving the stubs from one to the other won't do much in solving this. I don't know much about what has restrictions in China, hopefully, somebody more knowledgeable can chime in.

@leafac
Copy link
Owner

leafac commented Jun 12, 2021

Thanks for the input!

I don’t know much either, but appears that there are mirrors of npm that are accessible in China (for example, https://npm.taobao.org). If that’s the case, then moving the stubs to npm will solve the issue. At the very least it’s one moving part less for our Chinese users to worry about.

@maxb2
Copy link
Contributor

maxb2 commented Jun 13, 2021
edited
Loading

If it helps, I am aware that npm scripts including postinstall will be skipped if the npm install command is executed under the root user account, unless the --unsafe-perm option is used. If this is the case, a workaround would be:

$ whoami
root
$ npm install --save-dev --unsafe-perm caxa

Ohh, that’s very bad. I’m inclined to just put the stubs in the npm package. It’s only ~20MB anyway, and only developers would have to download them (not the users of the binaries produced by caxa).

@maxb2, @pdcastro, @fcastilloec: Thoughts?

This is a general problem when running npm as root, not specific to caxa. Whenever I'm using a docker container to run node (runs as root), I include the file .npmrc with the contents unsafe-perm = true. Then all npm commands run as expected. See this Dockerfile.

@SOVLOOKUP
Copy link
Author

@fcastilloec

Last, if people in China sometimes have problems downloading from GitHub, what are the chances that they will also have problems downloading from npm? Because if the problem exists on both platforms, moving the stubs from one to the other won't do much in solving this. I don't know much about what has restrictions in China, hopefully, somebody more knowledgeable can chime in.

@leafac

I don’t know much either, but appears that there are mirrors of npm that are accessible in China (for example, https://npm.taobao.org). If that’s the case, then moving the stubs to npm will solve the issue. At the very least it’s one moving part less for our Chinese users to worry about.

Moving the stubs to npm is a good idea, because of the mirror https://npm.taobao.org npm can be used stably in China.

@pdcastro
Copy link

github cannot be connected in some times in china

I’m inclined to just put the stubs in the npm package. [...] Thoughts?

if people in China sometimes have problems downloading from GitHub, what are the chances that they will also have problems downloading from npm?

Moving the stubs to npm is a good idea, because of the mirror https://npm.taobao.org npm can be used stably in China.

I've just tried accessing https://npm.taobao.org and got an error/info page that says NPM镜像站升级中,敬请期待!, which appears to translate as "NPM mirror station is being upgraded, so stay tuned!". If that's the reliable alternative to the GitHub releases page, then, well, ouch. :-)

Ideally, it wouldn't be for open source package maintainers to worry about hosting alternatives to GitHub and npm to get around the Great Firewall of China. Microsoft bought GitHub who bought npm, so it should be a matter of the CEO of Microsoft sitting at the table with the relevant Chinese authorities and coming to an understanding. :-) Maybe Microsoft should create a GitHub mirror in China using their Azure operations there: https://docs.microsoft.com/en-us/azure/china/overview-operations

I see that PR #28 adds the ability of selecting mirrors for caxa. From the little I know, that's what could actually help: having the data hosted / mirrored geographically within China mainland. Replacing GitHub with some other hosting provider outside China (like npmjs.com) would not be enough.

@SOVLOOKUP
Copy link
Author

SOVLOOKUP commented Jun 15, 2021
edited
Loading

I've just tried accessing https://npm.taobao.org and got an error/info page that says NPM镜像站升级中,敬请期待!, which appears to translate as "NPM mirror station is being upgraded, so stay tuned!". If that's the reliable alternative to the GitHub releases page, then, well, ouch. :-)

Sometimes translation is really confusing...

The page:

NPM镜像站升级中,敬请期待!
源服务正常(http://r.npm.taobao.org/)

Actually says ->

NPM mirror station is working fine in http://r.npm.taobao.org/
The appearance of homepage is being upgraded, stay tuned!

Ideally, it wouldn't be for open source package maintainers to worry about hosting alternatives to GitHub and npm to get around the Great Firewall of China. Microsoft bought GitHub who bought npm, so it should be a matter of the CEO of Microsoft sitting at the table with the relevant Chinese authorities and coming to an understanding. :-) Maybe Microsoft should create a GitHub mirror in China using their Azure operations there: https://docs.microsoft.com/en-us/azure/china/overview-operations

Github does urgently need a stable Chinese mirror, but the capitalists may say that this is not profitable so they can solve it by themselves😒@microsoft

I see that PR #28 adds the ability of selecting mirrors for . From the little I know, that's what could actually help: having the data hosted / mirrored geographically within China mainland. Replacing GitHub with some other hosting provider outside China (like ) would not be enough.caxanpmjs.com

after rethinking the solutions, I think use npm to host stubs maybe a better idea, its more stable and convenient. Because almost everyone in china uses cnpm which is a alternative npm using Taobao source as default.

@leafac
Copy link
Owner

leafac commented Jun 18, 2021

Thank you for all the valuable information. I’ll work on this as part of the v2.1.0 release next week.

@leafac
Copy link
Owner

leafac commented Jun 25, 2021

caxa@2.1 is out and the stubs are shipped in the npm package—the postinstall script is not longer used. Please let me know how it works for you.

@leafac leafac closed this as completed Jun 25, 2021
@SOVLOOKUP
Copy link
Author

caxa@2.1 is out and the stubs are shipped in the npm package—the postinstall script is not longer used. Please let me know how it works for you.

it works, thanks~

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@leafac @fcastilloec @maxb2 @pdcastro @SOVLOOKUP