Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use Installer when packaging git dependencies #189

Closed
wants to merge 1 commit into from
Closed

Use Installer when packaging git dependencies #189

wants to merge 1 commit into from

Conversation

feelepxyz
Copy link
Contributor

@feelepxyz feelepxyz commented Apr 16, 2019

When installing git dependencies, the config options: dry-run and ignore-scripts are being lost if set as cli arguments causing the prepare script to always run. We found this issue while doing an install that only needs to get lockfile changes. You can work around this by setting these settings in a .npmrc file.

We've also found an issue with proxying npm config to the cli when a large cafile has been set. The contents of cafile is expanded into the ca config key which get passed as a cli argument to install. When this file is big (e.g. including a custom cert + all system certs) it causes a kernel exception on Linux (E2BIG: Argument list too long).

The current implementation requires prepublish to be fully deprecated because I couldn't figure out a way to only set the ignore-prepublish config setting for the git install. Setting it with npm.config.set('ignore-prepublish', true) before the install doesn't seem to be picked up in the npm-lifecycle package when running the prepublish stage.

I imagine it will be a pain to deprecated prepublish without breaking a bunch of packages, is this still something you're planning or should I find a workaround?

@feelepxyz feelepxyz requested a review from a team as a code owner April 16, 2019 11:14
This fixes a couple of config issues we've found when installing
packages in `dry-run` mode to only get the lockfile changes.

When setting `dry-run` or `ignore-scripts`, the setting isn't
passed through when installing git dependencies meaning the `prepare`
script is always run.

We've also found an issue with proxying existing npm config to the cli
when a large `cafile` has been set, as this is expanded into the `ca`
config key with the full string contents of the ca file. If the ca file
is huge this will blow up on linux with an E2BIG exception (Argument
list too long). Increasing the limit requires kernel recompilation so
isn't really an option.

The current implementation requires `prepublish` to be fully deprecated,
is this something you are planning? Otherwise I'm happy to find another
way of passing this config through the installer.
@isaacs isaacs added needs-discussion semver:patch semver patch level for changes labels Jun 26, 2019
@isaacs
Copy link
Contributor

isaacs commented Aug 12, 2019

Fully deprecating prepublish is planned for npm v7, but we can't do that without a semver major bump. If you need help making this suitable for a patch/minor release, let me know. Sorry for the inconvenience.

@feelepxyz
Copy link
Contributor Author

@isaacs great news! Can definitely wait for v7, we've worked around it on Dependabot so don't have an urgent need.

@ljharb
Copy link
Contributor

ljharb commented Aug 12, 2019

What’s the point of fully deprecating it, as opposed to just making it be the same as prepublishOnly?

@ruyadorno ruyadorno added Needs Discussion is pending a discussion Release 7.x work is associated with a specific npm 7 release labels Jan 7, 2020
@feelepxyz
Copy link
Contributor Author

Fully deprecating prepublish is planned for npm v7, but we can't do that without a semver major bump. If you need help making this suitable for a patch/minor release, let me know. Sorry for the inconvenience.

@isaacs what's the status on deprecating prepublish? Does this PR make sense in v7?

@darcyclarke
Copy link
Contributor

Hey @feelepxyz! Sorry for the delay, we're going to close this PR as we've completely refactored this code in v7. Appreciate the contribution though.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Needs Discussion is pending a discussion Release 7.x work is associated with a specific npm 7 release semver:patch semver patch level for changes
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants