-
Notifications
You must be signed in to change notification settings - Fork 240
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[RRFC] Implement equivalent of Python's PIP's REQUESTED #6463 #693
Comments
Isn't this what the |
For the project I am working on, I don't have a package.json. I only have a |
npm already stores that information in |
From |
How about adding a |
That info is actually missing from |
Put another way, I can understand why you might find yourself with an old project that has node_modules but not package.json - but moving forward (since this new feature would only be available moving forward), when would you ever have a node_modules folder without a package.json somewhere in version control, and likely also a lockfile? |
Well, in my specific example I am working with AWS lambda functions, which can be deployed just fine with only the To me, this is something that could be beneficial while also being trivial to add (correct me if I'm wrong). Happy to help out |
I'm a bit confused. I thought you were asking to differentiate package.json-installed packages from user-installed packages - there's no way for npm to know which packages, or files, are used at runtime. Typically what's done for Lambda is |
Here's an example: $ npm install aws-xray-sdk $ ls node_modules/
@aws-sdk aws-xray-sdk aws-xray-sdk-postgres pg-int8 postgres-bytea shimmer yallist
@types aws-xray-sdk-core cls-hooked pg-protocol postgres-date stack-chain
async-hook-jl aws-xray-sdk-express emitter-listener pg-types postgres-interval tslib
atomic-batcher aws-xray-sdk-mysql lru-cache postgres-array semver xtend $ cat package.json
{
"dependencies": {
"aws-xray-sdk": "^3.5.0"
}
} the Now, given |
I'm also a bit confused. In this example you just described, what difference would make to know that In other words: what are we accomplishing by making that distinction? |
I would then know that to recreate the same |
It sounds like you're asking that all of the relevant contents of package.json live in node_modules - but at that point why not just be sure to keep package.json around? That file is required at runtime too, so it's not ever something that's safe to delete. |
I don't see why |
It can, but you wouldn't ever want to - you'd want it to be present in a Lambda also, because it has runtime impact on node. |
What do you mean, are you referring to |
Yes, it is needed, because node at runtime uses it. It’s incorrect to ship an app anywhere, including lambda, without package.json. |
it may not seem to be needed from a legacy CJS point of view but as @ljharb pointed above, the |
it sounds to me you're chasing reproducible installs which is tangential to many other conversations held in this RFC repo today. It's a VERY elusive topic since there are MANY hidden configs that will affect a |
Even in (not legacy) CJS, node uses it for self-references with the exports and imports fields. |
When working with Python, it's possible to determine which package was originally installed by the user by checking for the presence of the
REQUESTED
file.For instance:
so then one can determine that the
requests
was installed explicitly, whereascharset_normalizer
wasn't.It would be nice if npm did the same thing
The text was updated successfully, but these errors were encountered: