[Pkg-javascript-devel] Bug#1030952: npm depends on webpack and 200+ other packages
Yadd
yadd at debian.org
Fri Feb 10 03:09:34 GMT 2023
Control: reassign -1 node-postcss-selector-parser
On 2/10/23 01:35, Christopher Hagar wrote:
> Package: npm
> Version: 9.2.0~ds1-1
> Severity: normal
> X-Debbugs-Cc: cmhagar at gmail.com
>
> After recent changes in npm and node-css-loader (node-postcss-selector-parser),
> installing npm installs webpack and 200+ other node-related packages.
>
> Given that npm is a package manager, it should not require so many
> dependencies.
>
> Morever, npm is for installing packages outside of the Debian package manager!
> It should not bring in tons of Debian packages that will never be used.
>
> Debian Policy says that Depends declares an "absolute dependency". Recommends
> declares a "strong, but not absolute, dependency". Suggests declares that a
> packages "may be more useful with one or more others". And it is possible there
> should be no dependency relationship of any kind for npm depending on webpack.
Hi,
if you install upstream npm, you'll have hundreds packages in
npm/node_modules (around 200 MB). The way chosen in Debian is to reuse
modules that already exist in Debian (and then drop them from npm).
So yes, there are a lot of dependencies but /usr/share/nodejs/npm (and
related dirs like @npmcli/) contains only 3 MB including
/usr/share/nodejs/npm/node_modules/.
Anyway npm doesn't need webpack.
Link between npm and webpack:
- npm requires node-postcss-selector-parser (for @npmcli/query)
- node-postcss-selector-parser requires node-css-loader because it
requires node-indexes-of which is a virtual package provided by
node-postcss-selector-parser
- node-css-loader requires webpack
So the bug is in node-postcss-selector-parser, it may embed indexes-of
which is a 5-lines modules instead of depending of node-css-loader.
More information about the Pkg-javascript-devel
mailing list