Packaging a npm/nodejs CLI application?
Dear packagers, is there a good example on how to package a nodejs / npm CLI application? Something that could be installed using "npm install -g XXX"? I know I can "prepare"/vendor the required node_modules using the service of the same name. I can provide them inside the build with the local-npm-registry call as given by the node_modules documentation. But what then? If there is no "build" step involved, do I only issue %{nodejs_install}? So, lots of questions, hence a pointer to an example package would be highly appreciated... Kind Regards, Johannes
Hello Johannes Am Sonntag, 3. November 2024, 10:57:06 Mitteleuropäische Normalzeit schrieb Johannes Kastl:
is there a good example on how to package a nodejs / npm CLI application?
There is unfortunately not much hope - this hipster stuff is absolutely not meant to go into a rpm package. I had some trials years ago together with Marguerite Su, getting a kind of container with all the nodejs stuff in it. The soluton was quite fragile Last attempt was in 2021 by Adam Majer, to create a OBS service to package nodejs. I did not hear from this anymore. https://github.com/openSUSE/obs-service-node_modules If you find a goof solution let me know Cheers Axel
Hi Axel, On 05.11.24 02:53 Axel Braun wrote:
Am Sonntag, 3. November 2024, 10:57:06 Mitteleuropäische Normalzeit schrieb Johannes Kastl:
is there a good example on how to package a nodejs / npm CLI application?
There is unfortunately not much hope - this hipster stuff is absolutely not meant to go into a rpm package.
I had some trials years ago together with Marguerite Su, getting a kind of container with all the nodejs stuff in it. The soluton was quite fragile
Hmmm.
Last attempt was in 2021 by Adam Majer, to create a OBS service to package nodejs. I did not hear from this anymore. https://github.com/openSUSE/obs-service-node_modules
That is the service I was writing about, that allows vendoring the depedencies. It works similar to the go_modules vendoring service. But what happens after that? It might be that the two examples I am trying with are not working as I am using a converted yarn.lock. I'll investigate further then...
If you find a goof solution let me know
Sure, will do so. Kind Regards, Johannes
Add me to the fail list, I made a package years ago to automate RPM packaging of nodejs modules: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs2rpm It works for most cases, but the dependency hell of Nodejs is way too deep, plus most people will install stuff directly anyway. Em seg., 4 de nov. de 2024, 23:32, Axel Braun <docb@opensuse.org> escreveu:
Hello Johannes
Am Sonntag, 3. November 2024, 10:57:06 Mitteleuropäische Normalzeit schrieb Johannes Kastl:
is there a good example on how to package a nodejs / npm CLI application?
There is unfortunately not much hope - this hipster stuff is absolutely not meant to go into a rpm package.
I had some trials years ago together with Marguerite Su, getting a kind of container with all the nodejs stuff in it. The soluton was quite fragile
Last attempt was in 2021 by Adam Majer, to create a OBS service to package nodejs. I did not hear from this anymore. https://github.com/openSUSE/obs-service-node_modules
If you find a goof solution let me know
Cheers Axel
Hi Enrico, On 13.11.24 13:17 Erico Mendonca wrote:
Add me to the fail list, I made a package years ago to automate RPM packaging of nodejs modules:
https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs2rpm
It works for most cases, but the dependency hell of Nodejs is way too deep, plus most people will install stuff directly anyway.
Thanks for the hint, I'll have a look. I think the only sane way is to do what we do with rust and go: Vendor all dependencies in a tarball before building. Packaging each dependency as a package would be super nice, but is not feasible if a simple hello world pulls in dozens of dependencies... Kind Regards, Johannes
Hi all, On 03.11.24 10:57 Johannes Kastl wrote:
Dear packagers,
is there a good example on how to package a nodejs / npm CLI application?
Something that could be installed using "npm install -g XXX"?
As there seems to be no good example, especially when the CLI has a yarn.lock, I hacked together a working package for synp: https://build.opensuse.org/request/show/1222461 Feedback is highly welcome. Kind Regards, Johannes P.S.: The ghost-cli is up next, which needs a special nodejs version. Podman to the rescue...
On Thu Nov 7, 2024 at 2:32 PM CET, Johannes Kastl wrote:
is there a good example on how to package a nodejs / npm CLI application?
Something that could be installed using "npm install -g XXX"?
As there seems to be no good example, especially when the CLI has a yarn.lock, I hacked together a working package for synp:
I have stolen from Fedora packaging of python-furo https://build.opensuse.org/request/show/1221612 Best, Matěj -- http://matej.ceplovi.cz/blog/, @mcepl@floss.social GPG Finger: 3C76 A027 CA45 AD70 98B5 BC1D 7920 5802 880B C9D8 Q: Is vi an easy editor to learn, is it intuitive? A: Yes, some of us think so. But most people think that we are crazy. -- vi FAQ
Hi Matěj, On 08.11.24 00:12 Matěj Cepl wrote:
On Thu Nov 7, 2024 at 2:32 PM CET, Johannes Kastl wrote:
is there a good example on how to package a nodejs / npm CLI application?
I have stolen from Fedora packaging of python-furo https://build.opensuse.org/request/show/1221612
Uh, that looks complicated. :-) But thanks for the pointer. Kind Regards, Johannes
Hey, I tried to package some applications but the packaging is brittle. Best I came up with was either the bootstrapping of the sources works using a precheckin script or you use the upstream packaging with stripping all the prebuild binaries. The latter only works with packages without native node modules. The former can work even with native modules but could require patching to remove vendored libraries or other packaging workarounds. CVE tracking is also more complicated as you have to deal with all the bundled js libraries and other patch or relay on upstream. Try your best. Sometimes it's hard to avoid this kind of application. Br, Björn
Hi Björn, On 13.11.24 22:45 Björn Bidar wrote:
CVE tracking is also more complicated as you have to deal with all the bundled js libraries and other patch or relay on upstream.
Same with go and rust. Ugly, but the only feasible way...
Try your best. Sometimes it's hard to avoid this kind of application.
I got a working package! Hooray.
https://build.opensuse.org/package/show/devel:languages:nodejs/synp
Kind Regards, Johannes
participants (5)
-
Axel Braun -
Björn Bidar -
Erico Mendonca -
Johannes Kastl -
Matěj Cepl