[Pkg-javascript-devel] Bug#1030952: npm depends on webpack and 200+ other packages
Christopher Hagar
cmhagar at gmail.com
Thu Feb 9 21:35:30 GMT 2023
Package: npm
Version: 9.2.0~ds1-1
Severity: normal
X-Debbugs-Cc: cmhagar at gmail.com
After recent changes in npm and node-css-loader (node-postcss-selector-parser),
installing npm installs webpack and 200+ other node-related packages.
Given that npm is a package manager, it should not require so many
dependencies.
Morever, npm is for installing packages outside of the Debian package manager!
It should not bring in tons of Debian packages that will never be used.
Debian Policy says that Depends declares an "absolute dependency". Recommends
declares a "strong, but not absolute, dependency". Suggests declares that a
packages "may be more useful with one or more others". And it is possible there
should be no dependency relationship of any kind for npm depending on webpack.
-- System Information:
Debian Release: bookworm/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 6.1.0-3-amd64 (SMP w/12 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages npm depends on:
ii ca-certificates 20211016
ii node-abbrev 1.1.1+~1.1.2-1
ii node-agent-base 6.0.2+~cs5.4.2-2
ii node-aproba 2.0.0-3
ii node-archy 1.0.0-6
ii node-base64-js 1.5.1+dfsg+~1.3.0-2
ii node-binary-extensions 2.2.0-2
ii node-cacache 17.0.3+~cs10.3.7-1
ii node-chalk 5.2.0-1
ii node-chownr 2.0.0-2
ii node-ci-info 3.6.1+~cs1.1.0-1
ii node-cli-table [node-cli-table3] 0.3.11+~cs0.13.4-3
ii node-colors 1.4.0-4
ii node-columnify 1.6.0+~1.5.1-1
ii node-css-loader [node-postcss-selector-parser] 5.0.1+~cs14.0.5-1
ii node-css-selector-tokenizer [node-cssesc] 0.8.0+~cs4.8.3-1
ii node-debug 4.3.4+~cs4.1.7-1
ii node-depd 2.0.0-2
ii node-diff 5.0.0~dfsg+~5.0.1-4
ii node-encoding 0.1.13-2
ii node-events 3.3.0+~3.0.0-3
ii node-glob 8.0.3+~cs8.4.15-1
ii node-got 11.8.5+~cs58.13.36-3
ii node-graceful-fs 4.2.10-1
ii node-gyp 9.3.0-2
ii node-hosted-git-info 6.1.1-2
ii node-https-proxy-agent [node-http-proxy-agent] 5.0.1+~cs8.0.0-3
ii node-ieee754 1.2.1-3
ii node-ini 3.0.1-2
ii node-ip 2.0.0+~1.1.0-1
ii node-ip-regex 4.3.0+~4.1.1-1
ii node-json-parse-better-errors 1.0.2+~cs3.3.1-2
ii node-jsonparse 1.3.1-10
ii node-lru-cache 7.14.1-1
ii node-minimatch 5.1.1+~5.1.2-1
ii node-minipass 3.3.6+~cs9.4.19-1
ii node-mkdirp 1.0.4+~1.0.2-4
ii node-ms 2.1.3+~cs0.7.31-3
ii node-negotiator 0.6.3+~0.6.1-1
ii node-nopt 5.0.0-4
ii node-normalize-package-data 4.0.1+~2.4.1-1
ii node-npm-bundled 2.0.1-2
ii node-npm-package-arg 10.0.0+~3.0.0-2
ii node-npmlog 7.0.1+~4.1.4-1
ii node-once 1.4.0-7
ii node-p-map 4.0.0+~3.1.0+~3.0.1-1
ii node-promise-retry 2.0.1-4
ii node-promzard 0.3.0-2
ii node-read 1.0.7-5
ii node-read-package-json [node-npm-normalize-package-b 5.0.2+~2.0.0-1
in]
ii node-rimraf 3.0.2-2
ii node-semver 7.3.5+~7.3.9-2
ii node-ssri 9.0.1-2
ii node-string-width [node-emoji-regex] 4.2.3+~cs13.2.3-1
ii node-strip-ansi 6.0.1-2
ii node-tar 6.1.13+~cs7.0.5-1
ii node-text-table 0.2.0-4
ii node-validate-npm-package-license 3.0.4-2
ii node-validate-npm-package-name 5.0.0+~4.0.0-1
ii node-which 2.0.2+~cs1.3.2-3
ii node-wrappy 1.0.2-3
ii node-write-file-atomic 4.0.2+~4.0.0-1
ii node-yallist 4.0.0+~4.0.1-1
hi nodejs 18.13.0+dfsg1-1
Versions of packages npm recommends:
ii git 1:2.39.1-0.1
pn node-tap <none>
Versions of packages npm suggests:
pn node-opener <none>
-- no debconf information
More information about the Pkg-javascript-devel
mailing list