[OE-core] Fun with npm shrinkwrap
Jan Kiszka
jan.kiszka at siemens.com
Wed Jun 7 18:32:15 UTC 2017
On 2017-06-07 16:09, Davis, Michael wrote:
> If offline builds, license checking, or stable dependency versions are not important to you then you can use the meta-nodejs layer. It just uses the yarn tool directly https://github.com/imyller/meta-nodejs.
>
In fact, meta-nodejs is already in use here, and I've been told to give
"inherit npm-base" a try. Is that what you mean?
How "unreproducible" will builds become? The license checks are not that
critical as I wouldn't trust them right now anyway. Offline builds
correlate with reproduciblilty - we need to archive the artifacts and
generate images with changes later on, independent of what happened
outside meanwhile. Not a killer right now, but not an option on the long
run.
>
> On a hijacked side note has yarn been considered as a solution to some of our npm issues?
> It seems to be npm with built in licnese checking and better version determination.
> Might not cover 100% of our use cases, but then npm only seems to work 50% of the time without tweaking something anyways.
>
Can't comment on yarn, but another colleague pointed out that the
machinery of arch-linux may also be worth a look, not only for the
nodejs/npm galaxy.
Thanks,
Jan
PS: Top-posting is considered evil.
--
Siemens AG, Corporate Technology, CT RDA ITP SES-DE
Corporate Competence Center Embedded Linux
More information about the Openembedded-core
mailing list