[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Lots and lots of tiny node.js packages

On 2016-11-02.07:41, Andrew M.A. Cater wrote:
> On Wed, Nov 02, 2016 at 12:04:27AM +0100, Marco d'Itri wrote:
> > On Nov 01, Ian Jackson <ijackson@chiark.greenend.org.uk> wrote:
> > 
> > > Can you explain why you don't aggregate these into bigger packages,
> > > for use in Debian ?
> > Because the node.js ecosystem is toxic and broken in encouraging 
> > relasing software which embeds very specific versions of lots of tiny 
> > libraries, and because Debian is ideologically against duplicating code 
> > in different packages and build systems downloading code ad built time.
> > 
> > -- 
> > ciao,
> > Marco
> I have to agree with Marco on this from a position of being a watcher on
> the side rather than an active developer of much from Ruby on Rails / NPM
> (and, earlier, helping to support users of the Maven build ecosystem).
> NPM and Node is probably the worst offender - but there's a huge tendency
> to create "magic environments" which pull in random bits of code to build
> your software. Most Node bits are tiny - occasionally they'll break ABI / 
> versioning and everything else. This isn't the idea of a stable Debian package.
> Ruby on Rails is also pretty much the same - Maven was and is the same, with
> the added complication of difficulty of knowing what you get in millions and
> millions of parts when the build system hides dependencies and is automagic.

Actually, node is in a league of its own in this regard:



Attachment: signature.asc
Description: Digital signature

Reply to: