New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow NPM packages to be installed from a URL #1686

Closed
wants to merge 1 commit into
base: devel
from

Conversation

Projects
None yet
3 participants
@marcandre
Contributor

marcandre commented Dec 14, 2013

I got burned by [#1214] too, and since it was closed by the bot, here it is again. (I got burned by that too), this time based on devel. Hope that's ok, and thanks to @deepwell coz the patch pointed me to the solution.


Update the NPM integration module to allow installing an npm package from a private URL instead of limiting it to public npm modules only.

This replaces the _isGitHubTarball() function to handle not just git tarballs, but to handle any compressed package on any server.

You then use this the same way as the current github tarball feature:
Inside your package.js file add:

Npm.depends({
  'your-package-name': 'http://website.com/example/your-package-name-0.0.1.tar.gz'
});
@glasser

This comment has been minimized.

Member

glasser commented Dec 19, 2013

I still think it's important to make builds reproducible, but certainly our current specification is too conservative.

It's important to me that when Meteor has a fully supported third-party package repository (next up on our pre-1.0 roadmap), that packages are fully reproducible, but it might just be that packages in new-Atmosphere are prebuilt or something, or that we could apply more stringent rules to new-Atmosphere packages than to packages in your app.

Going to table thinking about this until new-Atmosphere actually exists.

glasser added a commit that referenced this pull request Feb 10, 2014

Npm.require: Allow arbitrary http(s) URLs with SHA
We'll probably revisit this when we build out the package server, but
this is a relatively safe start that removes our GitHub-specific check.

Fixes #1686. (This doesn't technically fix the case in that bug but if
you know what you're doing you can add the SHA yourself.)

@glasser glasser closed this Feb 10, 2014

@glasser

This comment has been minimized.

Member

glasser commented Feb 10, 2014

Fixed (on sso, which is going to devel soonish)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment