2022-02-09.md

Meeting from: February 2nd, 2022

Open RFC Meeting (npm)

Attendees

• Darcy Clarke (@darcyclarke)
• Ruy Adorno (@ruyadorno)
• Jordan Harband (@ljharb)
• Tierney Cyren (@bnb)
• Wes Garland (@wesgarland)
• Owen Buckley (@thescientist13)

Previously...

• 2022-02-02

Agenda

1. Housekeeping
   1. Introduction(s)
   2. Code of Conduct Acknowledgement
   3. Outline Intentions & Desired Outcomes
   4. Announcements
      • OpenJS World 2022
        • https://events.linuxfoundation.org/openjs-world/
        • CFP: https://events.linuxfoundation.org/openjs-world/program/cfp/
2. PR: #343 RFC: npm workspaces: auto switch context based on cwd - @ruyadorno

• @ruyadorno
  • this RFC outlines npm's behaivour when you run a command inside a workspace folder & automatically detecting
• @ljharb
  • Are the bullets here still accurate: #343 (comment)
  • There's different models of workspaces
• @ruyadorno
  • will document the example of using a .npmrc file within a workspace child before landing

3. PR: #516 RFC: Deprecated packages UX revamp - @ruyadorno

• @ruyadorno
  • have updated the RFC to include
  • expanded on npm deprecations usage
  • took some references from @ljharb's npm-deprecations package
• @ljharb
  • --only=production / --omit=dev should work with this
  • aka. npm deprecations --only=production should work
• @ruyadorno
  • let's document the details of the args implementation before landing / accepting it

4. Issue: #523 [RRFC] `npm explain` should work even absent a lockfile and node_modules - @ljharb

• @ljharb
  • idealtree should be able to give us enough information to generate an npm explain result
  • we should warn/error better
• @ruyadorno
  • believe we're missing information in idealtree
  • currently we look at actualtree for this command
  • virtual tree might also miss some info (e.g: optional dependencies) so fallback silently might be a dangerous option
  • let's look and se if it works with --package-lock=only having it be an opt-in could be a great option so that we can surface these possible differences to users

5. Issue: #438 [RRFC] Add libc fields to select optionalDependencies should be installed or skipped - @Brooooooklyn

• @ljharb
  • would be nice to add a top-level group key to handle this along with os/cpu and other info that might affect installation of optionalDependencies
• @ruyadorno
  • Reason I surfaced this Issue is to possibly open a separate RFC to improve/expand scope of optionalDependencies and not only the one off libc usecase

6. PR: #519 RFC: Package Distributions - @darcyclarke

• @darcyclarke
  • will follow up async on these discussions

7. Issue: #511 [RRFC] remove `npm-shrinkwrap.json` from the list of unignorable files - @ljharb

• @ljharb
  • there aren't many scenarios where this would break someone
  • expectation is that this file is ignored if I explicitely remove it in .npmignore
• @wes
  • the capture set would be super small if we allowed .npmignore to define shrinkwrap.json
• @ruyadorno
  • still semver-major either way

8. PR: #4260 feat(arborist)(reify): add an ability to add a hook - @fritzy
9. PR: #4227 Change the default save-prefix from ^ to none - @zkldi
10. PR: #522 Option for npm diff to ignore cr at eol - @oBusk
11. PR: #525 Stop storing `integrity` for git dependencies - @nlf