Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Integrate erborist #132

Open
leodido opened this issue Mar 9, 2023 · 0 comments
Open

Integrate erborist #132

leodido opened this issue Mar 9, 2023 · 0 comments
Assignees
@leodido
Labels
enhancement New feature or request

Comments

@leodido
Copy link
Member

leodido commented Mar 9, 2023

Describe the feature or problem you’d like to solve

The first release of erborist is out.

Its goal is to generate package-lock.json files...

  • without Node.js
  • without using npm
  • ensuring to never actually download/install anything (no node_modules/)
  • targeting a specific lock file version disregarding the npm version the user may have or not
  • even if the package.json scripts are broken

It frees our users from the need of having npm installed. What's more, it frees the analysis from requiring a package.json well-formed in all of its parts (for example erborist creates the dependencies tree even from package.json with broken scripts).

It's generally a better alternative than running npm (with --ignore-scripts or not) on the users' machines.

Proposed solution

The lstn CLI should use erborist when available for the OS/arch pair.

In case we do not have a erborist binary for the OS/arch pair we have 2 options:

  1. notify the user, and exit
  2. fallback to the existing mechanism (executing npm).

Additional context

Following up from #102.
@leodido leodido added the enhancement New feature or request label Mar 9, 2023
@leodido leodido self-assigned this Mar 9, 2023
@fntlnz fntlnz mentioned this issue Mar 26, 2023
Closed
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@leodido leodido

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@leodido