purr changed the topic of #elliottcable to: a
<jfhbrook> yeah no npm3 is a bit of a shitshow imo
<jfhbrook> like they rewrote huge parts of it and now it's less battle-tested
<jfhbrook> that said it does sound like the rewrites paid off some pretty serious tech debt that will have made this worth it
<jfhbrook> like not-completely-broken bundledDependencies support
<alva> How does it improve upon the package managers that came before it?
<jfhbrook> well, existing, for one
<jfhbrook> there wasn't really a node package manager before npm, or at least npm was #2
<jfhbrook> tj holowaychuk actually wrote an early node package manager
<jfhbrook> it was probably accidental that npm "won"
<jfhbrook> but one nice feature of npm that I haven't necessarily seen elsewhere at least in the same way is really granular semver ranges
<jfhbrook> that combined with the turtles-all-the-way-down modules had some interesting consequences
<jfhbrook> a lot of which were good
<jfhbrook> some say you traded one kind of dependency hell for another
<jfhbrook> I dunno
<jfhbrook> but it's not like isaac decided to write a better maven
<jfhbrook> at least insofar as him having the hubris to have seen this explosive growth coming
<jfhbrook> or not having it, rather
<pikajude> wooo, back on a sane OS
<pikajude> with readable font rendering
<alva> jfhbrook: I guess I don't see why there needs to be one specifically for node.
<alva> Especially one with so many problems. Unsigned packages that can be replaced? okay.bmp
<jfhbrook> I mean *something* has to go into node_modules
<jfhbrook> what do you propose, just shoehorning maven into it?
<jfhbrook> that seems less than ideal
<alva> I don't know, C, Haskell, Python libs seem to be happily packaged up in apt
<alva> If nothing else, a fork of that seems like it'd be a better starting point
<jfhbrook> apt is an awful shim for most of those
<jfhbrook> haskell has cabal, python has pip (and a bunch of other crap)
<jfhbrook> and using apt for python, at least, ends poorly, especially when you're dealing with locally-installed deps instead of system-wide ones
<jfhbrook> (you almost never do system-wide deps with node)
<ELLIOTTCABLE> hi loves
<alva> Ok so how about a fork of Nix. Allows versions to coexist peacefully without duplication, per user or otherwise
<alva> Hi ELLIOTTCABLE
<jfhbrook> I'm aware of nix, it would still be a poor fit
<alva> Ok I guess npm is the best we can do then
<alva> I don't node so don't mind me
<jfhbrook> well no, obviously npm has problems
<jfhbrook> but it Makes Sense to write a package manager *for* node
<jfhbrook> fwiw I've tried repurposing npm for other systems because you can just use couchdb as the registry
<jfhbrook> I had a really bad time, and not just because npm itself has problems
<ELLIOTTCABLE> o7 alva!
<jfhbrook> GOD FUCKING DAMN IT PAGERDUTY
<alva> We have our own apt repos, for all our stuff. Works well.
<ELLIOTTCABLE> pikajude, jfhbrook: wat
<alva> Can update things swiftly and didn't have to reinvent wheels.
<pikajude> hi
<purr> pikajude: hi!
<jfhbrook> I have 8+ triggered incidents because devops did a cutover on their NAT
<jfhbrook> and sensu is **confused**
<ELLIOTTCABLE> alva: oh god, python's is the worst
<ELLIOTTCABLE> nearest to npm-quality is Ruby, afaik
<ELLIOTTCABLE> I haven't used Nix yet, although I've heard good things
<jfhbrook> nix is a chill alternative to things like apt
<ELLIOTTCABLE> but all the *sane* system-package-managers say ‘please don't wrap libraries’, for really fucking obvious and good reasons
<jfhbrook> where you can have a global store of your packages
<ELLIOTTCABLE> pacman, Homebrew: “plz install using pip/cabal/npm, plz. don't install with brew/pacman.”
<alva> Nix's biggest problem is lack of packages imo
<ELLIOTTCABLE> “just put it in apt?” ahahahah. no.
<alva> ELLIOTTCABLE: I mean, there'it's different to have your own repo of your company's libs
<alva> ^W fail
<ELLIOTTCABLE> honestly, I'm *really* impressed with npm
<ELLIOTTCABLE> but there's one, subtle change (that someone in this room, actually, convinced me of), that I'm going to make for my slightly-npm-inspired packaging system for my work:
<ELLIOTTCABLE> you won't be able to have <packaging system dependencies> for things that, themselves, are not published to the packaging system.
<ELLIOTTCABLE> like, you'll literally have to open up the source code, and rip out disable/protections, if you want to try and `manager install <package>` in a project that isn't, itself, published to the registry.
<ELLIOTTCABLE> because alexgordon has thoroughly convinced me that *end-of-the-line products* (basically, applications / sites / whatever) shouldn't be using package managers: they should be statically vendoring, and versioning, *all* of their dependencies.
<ELLIOTTCABLE> package-managers, interdependency resolution … that's for *libraries*, and for one final *generation* of <static set of dependencies> for the end-product that uses some given set of those libraries.
<ELLIOTTCABLE> I've also got some radical ideas on versioning, but ... not relevant rn
<alva> Yeah. The only argument against that which makes a bit of sense is "but security!", I'm just not convinced it's more work to update a bunch of statically linked binaries than to update a dynamic library, if you've built your process for that.