OK, since the package review last weekend, I've been reading
documentation, discussion threads, and running various experiments with
LLMs.
Among other things, because dependencies installed in node_modules don't
necessarily have their own devDependencies installed, I think the only
reasonable way to bundle dependencies is to not bundle any module that
contains native binaries or Wasm files, and to require those modules to
be installed as system modules. ( Ref:
https://github.com/orgs/community/discussions/199880 )
To aid future package reviews of all types, I've suggested a change to
fedora-review that will scan for native binaries in source archives:
https://forge.fedoraproject.org/packaging/FedoraReview/pulls/553
Eventually I found "npm2rpm" which I think could reasonably replace
nodejs-packaging-bundler and probably package "source.sh" scripts, if it
were able to detect modules with binaries or Wasm and avoid bundling
those. They'd need to be provided as system packages. I've offered such
a feature to the developers of that project:
https://github.com/theforeman/npm2rpm/pull/93
Additionally, I have another branch in my fork that adds more
Fedora-specific changes to the spec template:
https://github.com/gordonmessmer/npm2rpm/tree/fedora-spec
Finally, I've written a draft update of the packaging guidelines, if
npm2rpm replaces nodejs-packaging-bundler:
https://forge.fedoraproject.org/packaging/guidelines/pulls/1553
--
_______________________________________________
devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it:
https://forge.fedoraproject.org/infra/tickets/issues/new