Yeah, that was my question since I was aware of the heavy list of packages use by express was wondering any red flags that license check catch and what was the outcome of further investigation.
I just also did a quick review and no red flags I saw. But again i'm not a lawyer :-) On Mon, Oct 5, 2015 at 10:30 PM Tim Barham <tim.bar...@microsoft.com> wrote: > Oh, regarding the legal aspect... > > I can 'coho check-license', and didn't encounter any issues. It flagged > two packages under express: > > * 'ms' (a millisecond conversion utility) which has no license file or > license entry in package.json, but on investigation is released under the > MIT license (in the README). > * 'inherits', which is released under the ISC license (which a lot of our > dependencies are - we just haven't added it to the acceptable license list). > > So I feel ok about that aspect. Most of those 43 modules are actually, > technically, part of Express (or very closely related to it). > > Tim > > -----Original Message----- > From: Tim Barham > Sent: Monday, October 5, 2015 7:15 PM > To: 'dev@cordova.apache.org' <dev@cordova.apache.org> > Subject: RE: [DISCUSS] cordova-serve 0.2.0 release > > Yeah... This is a philosophy of the Express guys - they keep packages > really small, and have more packages. Basically, their philosophy is that > each package should only define one discrete piece of functionality, in a > single source file. As soon as that file gets too big or there is a feeling > that functionality should be extracted into another file, that becomes > another package. > > This results in a lot of packages, but they're all really tiny. Do we > consider that (the number of packages) a problem? > > -----Original Message----- > From: Carlos Santana [mailto:csantan...@gmail.com] > Sent: Monday, October 5, 2015 6:54 PM > To: dev@cordova.apache.org > Subject: Re: [DISCUSS] cordova-serve 0.2.0 release > > Tim you realize that by bringing in "express" as a dependency to cordova > cli you are bringing a 43 other npm packages? > > Did you or your team did a quick assessment on how healthy legally > speaking on the complete set of dependencies? > ⛄ $ npm install express 1>/dev/null && find node_modules/express | grep > package.json | wc -l > 43 > > I would also be concern about size, we had problems in the past where > dependencies includes fixtures and this added considerable file size to > cordova-cli I check and it's small 1.7mb, so no problem there. > > ⛄ $ du -sh node_modules/express/ > 1.7M node_modules/express/ > > > On Mon, Oct 5, 2015 at 1:29 PM Steven Gill <stevengil...@gmail.com> wrote: > > > I'd rather we bump the major and get out of 0.x.x land. > > On Oct 5, 2015 9:58 AM, "Tim Barham" <tim.bar...@microsoft.com> wrote: > > > > > If the version is 0.x.x, then bumping the minor version is treated > > > as a breaking change (by npm/semver) - the idea is that until > > > version 1.0.0, things are still in flux. > > > > > > That said, I'm happy to call it 1.0.0 if that's preferable. > > > > > > -----Original Message----- > > > From: Steven Gill [mailto:stevengil...@gmail.com] > > > Sent: Monday, October 5, 2015 9:01 AM > > > To: dev@cordova.apache.org > > > Subject: Re: [DISCUSS] cordova-serve 0.2.0 release > > > > > > Why not 1.0.0 if it is breaking > > > On Oct 4, 2015 5:22 PM, "Tim Barham" <tim.bar...@microsoft.com> wrote: > > > > > > > Hi all... Yesterday I submitted a PR that was a bit of a rework to > > > > cordova-serve - previously it had essentially been a direct port > > > > of what was in cordova-lib's 'serve' command and cordova-browser, > > > > with a couple of hooks to customize functionality. Yesterday's PR > > > > changes it to use ExpressJS for the grunt-work (which simplifies > > > > the code a lot), and removes those hooks in favor of the ability > > > > to attach Express middleware (a breaking change, which will > > > > require the next release to be bumped to 0.2.0). If anyone who has > > > > an opinion about this could take a look and provide feedback, that'd > be great. > > > > > > > > Once I've merged it, I'd like to start a vote thread for an > > > > updated release of cordova-serve containing this change for a > > > > couple of > > reasons: > > > > > > > > * I have the corresponding changes for cordova-browser and > > > > cordova-lib ready to go, but I can't get them in until we release > > > > the updated cordova-serve module. > > > > * I have another module that uses cordova-serve that I'd like to > > > > switch over to the ExpressJS version. > > > > > > > > Thanks! > > > > > > > > Tim > > > > > > > > > > > > ------------------------------------------------------------------ > > > > --- To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org > > > > For additional commands, e-mail: dev-h...@cordova.apache.org > > > > > > > > > > > > > > -------------------------------------------------------------------- > > > - To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org > > > For additional commands, e-mail: dev-h...@cordova.apache.org > > > > > >
