[Pkg-javascript-devel] Bug#988194: node-got: package.json files not installed for some nodejs packages
Sjoerd Simons
sjoerd at collabora.com
Mon May 10 06:49:47 BST 2021
Control: severity -1 serious
Bumping severity up to serious; Due to this issue node-got on rebuild will not
get all expected nodejs packages in the binary package, causing it to be
broken. Which is obviously somewhat serious e.g. when it has to be rebuild due
to a security fix or similar
On Fri, May 07, 2021 at 09:08:22AM -0300, Ariel D'Alessandro wrote:
> Package: node-got
> Version: 11.8.1+~cs53.13.17-1
> Severity: normal
>
> Dear Maintainer,
>
> Recent versions (>=0.9.57) of pkg-js-tools are ignoring entries from
> each node package's .npmignore. This is the behaviour since the
> .npmignore feature was fixed:
>
>
> https://salsa.debian.org/js-team/pkg-js-tools/-/commit/282af45151cf109315b120c90e347d5acf19a039
>
> Some packages contain a .npmignore file that will ignore everything but
> src/, causing installation to omit package.json files:
>
>
> https://salsa.debian.org/js-team/node-got/-/blob/master/responselike/.npmignore
>
> Because of this, packages depending on node-got have reported missing
> modules due to package.json files not found in these packages:
> clone-response, keyv, responselike.
>
> The behaviour is strange because I'd expect package.json to be always
> installed despite .npmignore content. Note that this is the default npm
> behaviour described in the docs:
>
>
> https://docs.npmjs.com/cli/v7/using-npm/developers#keeping-files-out-of-your-package
>
> A possible solution is to remove all .npmignore files from these nodejs
> packages. This way, all files are installed, including package.json.
>
> If pkg-js-tools behaviour isn't the expected one, this bug should be
> reported there and fixed properly.
>
> Regards,
> Ariel
>
> -- System Information:
> Debian Release: bullseye/sid
> APT prefers testing
> APT policy: (500, 'testing')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 5.10.0-6-amd64 (SMP w/8 CPU threads)
> Kernel taint flags: TAINT_FIRMWARE_WORKAROUND
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE
> not set
> Shell: /bin/sh linked to /usr/bin/dash
> Init: systemd (via /run/systemd/system)
> LSM: AppArmor: enabled
>
> Versions of packages node-got depends on:
> ii node-decompress-response 6.0.0-1
> ii node-get-stream 6.0.0-1
> ii node-json-buffer 3.0.1-1
> ii node-lowercase-keys 2.0.0-1
> ii node-mimic-response 3.1.0-5
> ii node-p-cancelable 2.0.0-1
> ii nodejs 12.21.0~dfsg-4
>
> node-got recommends no packages.
>
> node-got suggests no packages.
>
> -- no debconf information
More information about the Pkg-javascript-devel
mailing list