diff options
| author | Jakub Jirutka <jakub@jirutka.cz> | 2021-04-11 00:33:39 +0200 |
|---|---|---|
| committer | Jakub Jirutka <jakub@jirutka.cz> | 2021-04-11 02:26:37 +0200 |
| commit | 25b10bd1a93e12a7e49fee38b0a229281ae49fb7 (patch) | |
| tree | 281acbcd241a378a67bf467a02c02ec94af6605c /main/npm/smoke-tests-npm-location.patch | |
| parent | 3601817f1ed0a3cb1e7b8122653b0e327e2b59fb (diff) | |
main/nodejs: move npm into a standalone aport
npm is bundled in Node.js, but it's a standalone project with its
own release cycle and version number. main/nodejs provides LTS
version of Node.js, so it includes old version of npm.
Alpine build tools don't handle subpackages with pkgver different
from the origin pkgver. Thus the current 'npm' subpackage has version
14.16.1-r0 (version of the Node.js) which is confusing, because the
real version of the packaged 'npm' is 6.14.11.
Moreover, npm has gazillion bundled dependencies, so there's a high
risk of security vulnerabilities; using npm bundled in Node.js
quite complicates security patching and requires rebuilding complete
Node.js package.
For these reasons, I think it will be better to split npm into a
separate aport and provide the latest version instead of some arbitrary
version bundled in the Node.js tarball.
Actually, I planned this three years ago (see commit message in
244cc743c4ae2fd0f517b74790674864cb293e9c), but forgot about it.
There's one unpleasant consequence of this change - the latest npm
version is 7.9.0 which is lower than 14.16.1 (version inherited from
nodejs package). Since Alpine doesn't have "epoch" version as e.g.
Fedora, there's nothing I can do about it beside informing the users
(using nodejs.post-upgrade script).
Diffstat (limited to 'main/npm/smoke-tests-npm-location.patch')
| -rw-r--r-- | main/npm/smoke-tests-npm-location.patch | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/main/npm/smoke-tests-npm-location.patch b/main/npm/smoke-tests-npm-location.patch new file mode 100644 index 00000000000..79f96758fae --- /dev/null +++ b/main/npm/smoke-tests-npm-location.patch @@ -0,0 +1,23 @@ +Allow to specify custom npm location for smoke-tests, so we can test npm +without development dependencies involved. + +--- a/smoke-tests/index.js ++++ b/smoke-tests/index.js +@@ -29,7 +29,7 @@ + }) + const localPrefix = resolve(path, 'project') + const userconfigLocation = resolve(path, '.npmrc') +-const npmLocation = resolve(__dirname, '..') ++const npmLocation = resolve(__dirname, process.env.NPM_LOCATION || '..') + const cacheLocation = resolve(path, 'cache') + const binLocation = resolve(path, 'bin') + const env = { +@@ -57,7 +57,7 @@ + t.equal(pkg.version, '1.0.0', 'should have expected generated version') + }) + +-t.test('npm (no args)', async t => { ++t.skip('npm (no args)', async t => { + const cmd = `"${process.execPath}" "${npmLocation}" --no-audit --no-update-notifier` + const cmdRes = await execAsync(cmd, { cwd: localPrefix, env }) + .catch(err => { |