Comments (8)
That's fair. We called it "minimal" because prebuild-install
was split off from the larger prebuild
cli.
This has potential to be one of the most depended pkgs
I'm actually hoping it eventually dies out because there is a better alternative (zero deps).
from prebuild-install.
At first look it seems to be too much coupled to the C++ and gyp
Yeah, it is. Keeps the scope small and the code clean. You might be interested in this idea: prebuild/prebuildify#7
from prebuild-install.
@cztomsik You might want to take a peek at https://github.com/deltachat/deltachat-node , it's a node module for native code, but based on a lib that comes from the rust core module.
from prebuild-install.
We use npmlog
so that our logs cleanly interweave with npm's own logs, and to respect npm's log level.
If there's an alternative, lighter package that does the same, I wouldn't mind swapping npmlog
. Although personally I have no problem with the number of dependencies (note btw that 20 of the 80 above are deduped).
from prebuild-install.
Good point with deduping but there's still a lot of other deps.
And I see your reasoning but it feels hard to swallow. Testing process.env.npm_config_loglevel
is super easy and you don't seem to use any of the advanced npmlog
functionality - and I'd generally advise against as I'm not interested in colors, progress bars and whatever, I just want this to download prebuilt binary and that's it.
This has potential to be one of the most depended pkgs and it's important to keep deps low because otherwise the current situation is only going to get worse (npm i jest
is 1k pkgs now)
So, I don't have any drop-in replacement but I personally think you don't need it.
from prebuild-install.
I'm not interested in a discussion about the merits of npm packages atm.
You are right that it's not actually doing that much. A PR is welcome to replace it, provided that you don't strip it down too much because re: "I just want this to download prebuilt binary and that's it", logs have proven themselves to be useful many times.
from prebuild-install.
Sorry if that was offensive, it was not intentional. The whole point of this issue is that this project is advised as minimal and so I was very surprised by the actual number of deps.
from prebuild-install.
Oh wow, that looks great! I will definitely have a better look.
But I'm not sure I can use it for my project - my extension is in rust and I'm building it myself, using custom node.js script (I need some codegen too) - and then the result is put into /target/
and I need this to be built on different platforms - so I've started experimenting with github actions which looks promising and I'm able to build all the binaries and the original idea was to put it into github releases but this indeed look better - I'm just not sure how to combine it. At first look it seems to be too much coupled to the C++ and gyp
(but the idea is very interesting!)
from prebuild-install.
Related Issues (20)
- Resolve vulnerabilities in dependencies (npmlog>gauge>ansi-regex) HOT 4
- Remove `rc` dependency HOT 2
- Version bump of `npmlog` HOT 1
- Resolve CVE-2022-0355 by upgrading to simple-get 4.0.1+ HOT 1
- Update simple-get to 4.0.1 HOT 1
- Resolve vulnerability in dependencies (simple-get < 4.0.1) HOT 1
- Please update simple-get dependency to resolve security issue. HOT 1
- npm_config_* variables are not available in npm v7+ which breaks prebuild platform overrides HOT 3
- prebuild-install can't install node-canvas prebuild HOT 1
- CVE-2021-44906: Minimist <=1.2.5 is vulnerable to Prototype Pollution HOT 2
- Can't install package in private network HOT 4
- How to disable enforced compilation? HOT 1
- Mirroring with custom host much harder compared with node-pre-gyp
- [CVE-2022-0355] Exposure of Sensitive Information to an Unauthorized Actor in NPM simple-get prior to 4.0.1 HOT 5
- Expired certificate HOT 2
- prebuild-install not found HOT 2
- prebuild-install WARN install No prebuilt binaries found HOT 1
- Critical CVE reported in latest ([email protected]) HOT 2
- prebuild-install will mutate the contents of an hard-linked `.node` file
- why doesn't it honor NPM_CONFIG_CACHE? HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from prebuild-install.