[Pkg-javascript-devel] script to generate debian/watch for embedding nodejs modules
Bastien ROUCARIES
roucaries.bastien at gmail.com
Mon Nov 26 17:31:50 GMT 2018
On Mon, Nov 26, 2018 at 4:00 PM Pirate Praveen <praveen at onenetbeyond.org> wrote:
>
> On 11/26/18 8:25 PM, Paolo Greppi wrote:
> > The file names are crazy ! is this the way the Debian JavaScript Maintainers team wants to go ?
> > If you are brave, generate the debian/watch for npm and try running uscan on it ...
>
> I prefer to use this approach which is much cleaner and manageable
> https://wiki.debian.org/Javascript/Nodejs/Npm2Deb#Embedding_some_modules
As I have already said uscan and pkg-component are orthogonal. Uscan
is only for download. We use existing infrastructure and it is better
than to use external tooll.
> and for npm, upstream itself provides node_modules inside their tar, so
> we just need to remove the packaged modules from it (repack with
> Files-Excluded).
Yes and it is a security problems because we hide depends and it
create code copy. I strongly oppose to this. We are a distrib not
upstream.
>
> --
> Pkg-javascript-devel mailing list
> Pkg-javascript-devel at alioth-lists.debian.net
> https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
More information about the Pkg-javascript-devel
mailing list