I do agree that their development communities would shrug at this, but, if
every distro drops the nodejs ecosystem from their package repos, the
applications leveraging node modules that the users get currently through
their package managers -- (most of the notables they aren't getting them
from official repos because it's such a flaky set of workarounds) -- will
fall into obscurity, and quickly.
Sure, SuperMegaApp3000 in nodejs won't be accessible to users through the
package manager (if it ever was, let's be real). That's an environmental
stressor for an actor in a system: If there is need for the utility
provided, that demand will generate alternatives. If there's not, then
those apps, if they want to remain relevant, will end up being rewritten in
more sustainable runtimes.
The nodejs developers would quickly realize the importance of these
problems they're creating and come up with solutions if the runtime is to
If all these distros continue to grind their wheels toiling at and around
this problem that needs solved upstream it takes the pressure off upstream
to solve it.
While I'm taking shots at things, librpm needs modernized too. The
"alternative package management" problem is springing up bad solutions that
are harmful to the systems they operate on. Another topic but with similar
On Wed, Feb 24, 2021 at 2:57 AM Dan Čermák <dcermak(a)suse.com> wrote:
Chris Punches <punches.chris(a)gmail.com> writes:
If I can offer an outside opinion... after
watching how the nodejs
ecosystem interacts with the rest of the os on these systems....after
observing the issues packagers are constantly running into with nodejs
packages when packaging for other distros....as well as opensuse -- my
observed opinion is that no distro should package them at all.
The maintainers for npm simply do not care to integrate with the os.
junkware. It was never meant not to be outside
of rare instances of
I know it's not good to call something so many people contribute to
'junkware', but, it makes no attempt to fix their broken package
model, is a vessel for security problems to
otherwise secure operating
systems. They know these problems exist. They do not desire to fix
They view their way of package distribution as
superior, without any
for the rest of the system -ir even the
environments in their own use
when designing this architecture- because that
community comes from a
culture that does not acknowledge that the OS exists. I have heard these
conversations take place on development shop floors.
Drop them. The nodejs maintainers get away with these arrogant models
because every distro is trying hard to integrate their poorly designed
package delivery pipelines and dependency models for no other reason than
that alot of software that should not have been written in this runtime,
was written in this runtime, and we all need the latest app.
This suggestion is not going to solve anything whatsoever. The nodejs
community doesn't care about distribution packaging, because they just
`npm install` their dependencies into some outdated Ubuntu or Alpine
docker container (most often from their Mac or Windows machine). The
best you're going to get from them is a shrug.
On the other hand, actual users of openSUSE and all other Linux
distributions will no longer have convenient access to applications
leveraging node modules via their OS' package manager.
So by dropping every node package, we're only going to make matters
worse and us as a distro less relevant. I fail to see how this should
Dan Čermák <dcermak(a)suse.com>
Software Engineer Development tools
SUSE Software Solutions Germany GmbH
(HRB 36809, AG Nürnberg)
Managing Director: Felix Imendörffer