I do agree that their development communities would shrug at this, but, if every distro drops the nodejs ecosystem from their package repos, the applications leveraging node modules that the users get currently through their package managers -- (most of the notables they aren't getting them from official repos because it's such a flaky set of workarounds) -- will fall into obscurity, and quickly.

Sure, SuperMegaApp3000 in nodejs won't be accessible to users through the package manager (if it ever was, let's be real).  That's an environmental stressor for an actor in a system:  If there is need for the utility provided, that demand will generate alternatives.  If there's not, then those apps, if they want to remain relevant, will end up being rewritten in more sustainable runtimes.

The nodejs developers would quickly realize the importance of these problems they're creating and come up with solutions if the runtime is to survive.

If all these distros continue to grind their wheels toiling at and around this problem that needs solved upstream it takes the pressure off upstream to solve it.

While I'm taking shots at things, librpm needs modernized too.  The "alternative package management" problem is springing up bad solutions that are harmful to the systems they operate on.  Another topic but with similar drivers.


On Wed, Feb 24, 2021 at 2:57 AM Dan Čermák <dcermak@suse.com> wrote:
Chris Punches <punches.chris@gmail.com> writes:

> If I can offer an outside opinion... after watching how the nodejs
> ecosystem interacts with the rest of the os on these systems....after
> observing the issues packagers are constantly running into with nodejs
> packages when packaging for other distros....as well as opensuse -- my
> observed opinion is that no distro should package them at all.
> The maintainers for npm simply do not care to integrate with the os.  It's
> junkware.  It was never meant not to be outside of rare instances of
> extreme hubris in the javascript community.
> I know it's not good to call something so many people contribute to
> 'junkware', but, it makes no attempt to fix their broken package management
> model, is a vessel for security problems to otherwise secure operating
> systems.  They know these problems exist.  They do not desire to fix them.
> They view their way of package distribution as superior, without any regard
> for the rest of the system -ir even the environments in their own use cases
> when designing this architecture- because that community comes from a
> culture that does not acknowledge that the OS exists.  I have heard these
> conversations take place on development shop floors.
> Drop them.  The nodejs maintainers get away with these arrogant models
> because every distro is trying hard to integrate their poorly designed
> package delivery pipelines and dependency models for no other reason than
> that alot of software that should not have been written in this runtime,
> was written in this runtime, and we all need the latest app.

This suggestion is not going to solve anything whatsoever. The nodejs
community doesn't care about distribution packaging, because they just
`npm install` their dependencies into some outdated Ubuntu or Alpine
docker container (most often from their Mac or Windows machine). The
best you're going to get from them is a shrug.

On the other hand, actual users of openSUSE and all other Linux
distributions will no longer have convenient access to applications
leveraging node modules via their OS' package manager.

So by dropping every node package, we're only going to make matters
worse and us as a distro less relevant. I fail to see how this should
improve anything.



Dan Čermák <dcermak@suse.com>
Software Engineer Development tools
SUSE Software Solutions Germany GmbH
Maxfeldstr. 5
90409 Nuremberg

(HRB 36809, AG Nürnberg)
Managing Director: Felix Imendörffer