You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Opening a discussion on NPM packaging requirements. Sadly there are a few "best practices" articles around but none quite cover the nuance or context of most decisions. Let's just air what we think a bit and then roll forward.
In the context of this component, I think all we'd really need to distribute via NPM itself is the script and stylesheet. All the HTML and possible markdown files (hopefully just one or two when we're done) are not that useful when integrating and deploying. Those are very much dev time oriented. Given my current experience knowing how some organizations need to scrutinize and approve everything that operates on their system's, I'd say we should use npmignore to only package the bits that need to be in the distribution. This way anyone that needs to get what we provide audited should have an easier time.
Beyond just minimizing what is in the package to the absolute necessities I don't have any real concerns with how we package this (as long as we attempt to obey SemVer.) Does anyone else have other concerns with packaging? Or any hard objections to stripping the package distributed to the bare minimum?
The text was updated successfully, but these errors were encountered:
Opening a discussion on NPM packaging requirements. Sadly there are a few "best practices" articles around but none quite cover the nuance or context of most decisions. Let's just air what we think a bit and then roll forward.
In the context of this component, I think all we'd really need to distribute via NPM itself is the script and stylesheet. All the HTML and possible markdown files (hopefully just one or two when we're done) are not that useful when integrating and deploying. Those are very much dev time oriented. Given my current experience knowing how some organizations need to scrutinize and approve everything that operates on their system's, I'd say we should use npmignore to only package the bits that need to be in the distribution. This way anyone that needs to get what we provide audited should have an easier time.
Beyond just minimizing what is in the package to the absolute necessities I don't have any real concerns with how we package this (as long as we attempt to obey SemVer.) Does anyone else have other concerns with packaging? Or any hard objections to stripping the package distributed to the bare minimum?
The text was updated successfully, but these errors were encountered: