From mboxrd@z Thu Jan  1 00:00:00 1970
From: Jan Nieuwenhuizen <janneke@gnu.org>
Subject: On merging the npm importer
Date: Tue, 28 Mar 2017 18:59:59 +0200
Message-ID: <87zig5mj5c.fsf@gnu.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:37981)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <janneke@gnu.org>) id 1csuTj-0003dn-SS
	for guix-devel@gnu.org; Tue, 28 Mar 2017 13:00:24 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <janneke@gnu.org>) id 1csuTi-0002yD-SD
	for guix-devel@gnu.org; Tue, 28 Mar 2017 13:00:19 -0400
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel/>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: "Guix-devel" <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
To: guix-devel@gnu.org

Hi,

We have a working importer for npm packages written by Jelle that I have
been using for about half a year.  It can use some improvements and
that's why I think we should merge it.

Have alook at my npm branch here, rebased on master

    https://gitlab.com/janneke/guix

I added a patch with several fixes for the importer and and build
system.  So far, so good.

There's a problem however with the --recursive option and the build
system.  To quote Jelle[1]

   To start of with something that did not work out as well as I had
   hoped, getting a popular build system (e.g. Gulp, Grunt, Broccoli and
   others) packaged.  As mentioned in my earlier mails, the list of
   transitive dependencies of any of these suffer from at least the
   following:

   - It is a list with more than 4000 packages on it
   - It is a list with at some point the package itself on it

Most nontrivial npm packages use a build system, and all build systems
have circular development dependencies.  Not all development
dependencies are always required to build a package, but some certainly
are nd there's no way to tell which is which, afaik.

That's why I added a --binary option to the importer: it will not
try to use the build system and instead mimick `what npm does.'  This
does provide, however, an amazing reproducibility feature to the
dependency woes that npm hackers are familar with.

I suggest to not add any npm package to Guix that is the result of using
the --binary option and to build a base of full-source/sanitized npm
packages.

Greetings, janneke

[1] https://lists.gnu.org/archive/html/guix-devel/2016-08/msg01567.html

--=20
Jan Nieuwenhuizen <janneke@gnu.org> | GNU LilyPond http://lilypond.org
Freelance IT http://JoyofSource.com | Avatar=C2=AE  http://AvatarAcademy.nl=
=20=20