[Pkg-javascript-devel] Bug#794890: Bug#794890: Bug#794890: npm: new upstream version
Jonas Smedegaard
jonas at jones.dk
Wed Nov 23 13:57:35 UTC 2016
Quoting Michael Prokop (2016-11-23 14:18:49)
> Disclaimer: I'm not blaming nor pointing to anyone, but I feel like
> that this is yet again the team pattern and I'd really like to see
> whether we have any way out of this...
Thanks for stating above.
> ... I'm afraid the situation of node-* packages in Debian is worse
> than I expected. node-request's upstream release of version 2.26.1
> dates back to August 2013 and nowadays upstream is at version 2.79.
> There's #844072 against node-request (where someone is asking for a
> newer version of node-request in Debian), but it was filed just this
> month (November 2016) and between 2013 and 2016 there was not a single
> package upload for node-request in Debian.
Seems you imply that node-request is badly maintained. Another
interpretation of above facts is that node-request was very well written
and its dependencies in Debian until recently was satisfied fine by the
older version.
> Asking around what other Debian contributors and users usually do when
> they've to deal with npm + nodejs: either "npm install -g npm"(sic!)
> and then use npm to install the actual node packages or directly head
> towards upstream (like https://deb.nodesource.com/setup_4.x).
Npm is an *alternative* to using Debian packaged nodejs code.
Users of Debian cannot tell anything about how same or similar tasks
could be solved using Debian, because they evidently stopped trying.
> Now one reason why we have node-* packages in Debian is that they
> are dependencies of further packages. To have some numbers: I see
> 601 packages named "node-*" in sid/amd64 as of today, and when
> looking at their reverse dependencies I see only those 24 binary
> packages with node-* packages in their depends/recommends/suggests:
[]
> [JFTR: I didn't consider and look into build-depends for my numbers
> and didn't verify my list with UDD or similar yet. If my numbers are
> wrong please correct me.]
Seems you counted only _binary_ packages - missing e.g. libjs-jquery
which is a dependency of quite a few packages.
> I might be wrong (please correct me), but my impression is that people
> are uploading node-* packages mainly to satisfy a (build-)dependency
> they have in a package and then don't really care about those packages
> any longer.
That may be true for some packages, but please fix your counting method
before further discussion, to avoid discouraging people doing good work
here,
> Back to the npm situation: I was reporting
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794890#34 because
> Debian's npm can't be really used reliably nowadays (the
> "@module/names" not supported at all). Looking through the bugreports
> of the npm package I'd call it unmaintained,
I suspect you are right that npm specifically is in bad shape in Debian
- but my (unsubstantiated) impression is that the cause is not that
Nodejs packages in general are badly maintained, but instead because of
the very aim of npm being not to fit Debian but to bypass it.
- Jonas
--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
[x] quote me freely [ ] ask before reusing [ ] keep private
More information about the Pkg-javascript-devel
mailing list