This repository has been archived by the owner on Sep 13, 2020. It is now read-only.
Import npm dependencies of packages from Bower with a package.json #5
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Here’s my stab at purescript/registry#20. I wasn’t able to test this because of #4 but the logic should already be reviewable.
PacchettiBotti.Registry.Bower.writeMissingBowerManifests
now downloads releases tarballs and parse foreign modules to infer their npm dependencies. We can‘t trust package.json files because not all packages mention their npm dependencies (react-basic
for instance doesn’t mentionreact
norreact-dom
) and some packages saved their development dependencies as runtime ones (mysql
for instance).Two rules are enforced:
src
target must be saved under the"dependencies"
field of a package.json.test
target only (and not of thesrc
target) must be saved under the"devDependencies"
field of a package.json.Do they seem sensible to you? What should we do when they‘re broken? Should the release be rejected or should registry trustees update the manifest afterwards?