[Pkg-javascript-devel] Bug#857986: npm: This pakcage is 3 years old? (consider removal)

Thu Mar 16 22:47:30 UTC 2017

Package: npm
Version: 1.4.21+ds-2
Severity: grave
Justification: renders package unusable

Sorry for opening such a non-standard bug report
but this page leads me to believe that the most
up-to-date version we have for this package on
Debian is from 2014 (see changelog on the menu on
the right side of the screen):

https://packages.debian.org/sid/npm

I don't see any indication anywhere that there is
a reason or justification for this.

Node.js and NPM have become standard tools for web
development and the *extremely outdated* version
proved by this package siomply doesn't work anymore.

I suggest this package be entirely removed to avoid
well-meaning users from comiong across all sorts of
bugs and errors while using npm due to a lack of update
in what has become an essential tool. If Debian maintainers
can't keep this up-to-date, this package being here
probably does more harm than good to your average
user who expects it to "Just Work". I wouldn't say this
if I didn't know for a fact that this outdated version
simply doesn't work anymore with the package.json files
that are on the NPM repository (try installing polymer,
for example: npm install -g polymer ).

Node.js provides a single package (for Node and NPM) in
their own repository. I'm not sure if any efforct can be
done to bring this package version into Debian's
repositories but if that's not possible, I believe that
having a 3-year old version is doing more harm than good
and that it is better for Debian not to offer such - and
have users install from the official repository instead
or from the website Linux download.

Repository insall instructions 
https://nodejs.org/en/download/package-manager/#debian-and-ubuntu-based-linux-distributions

Simple download from website
https://nodejs.org/en/

Again, I doubt this years-old package here is doing 
any good for most users, and I imagine it's doing more
harm since people might not even noticed their NPM tool
is extremely outdated, which will obviously lead to hard
to understand errors.

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages npm depends on:
pn  node-abbrev               <none>
pn  node-ansi                 <none>
pn  node-ansi-color-table     <none>
pn  node-archy                <none>
pn  node-block-stream         <none>
pn  node-fstream              <none>
pn  node-fstream-ignore       <none>
pn  node-github-url-from-git  <none>
pn  node-glob                 <none>
pn  node-graceful-fs          <none>
pn  node-gyp                  <none>
pn  node-inherits             <none>
pn  node-ini                  <none>
pn  node-lockfile             <none>
pn  node-lru-cache            <none>
pn  node-minimatch            <none>
pn  node-mkdirp               <none>
pn  node-nopt                 <none>
pn  node-npmlog               <none>
pn  node-once                 <none>
pn  node-osenv                <none>
pn  node-read                 <none>
pn  node-read-package-json    <none>
pn  node-request              <none>
pn  node-retry                <none>
pn  node-rimraf               <none>
pn  node-semver               <none>
pn  node-sha                  <none>
pn  node-slide                <none>
pn  node-tar                  <none>
pn  node-underscore           <none>
pn  node-which                <none>
ii  nodejs                    7.7.3-1nodesource1~jessie1

npm recommends no packages.

npm suggests no packages.