Why is there a fucknpm directory when installing via npm? #212
Comments
|
I have no idea why that directory is named like that. How did you install this package? You can see in the Makefile that that directory should be called 'dist'. |
|
I've ran Maybe it's someone else who've repackaged your library? |
|
Yes, looks like you are using a fork https://www.npmjs.com/package/js-sequence-diagrams I only have a package published in Bower (bramp/js-sequence-diagrams) not on npm. |
Ma27
added a commit
to Ma27/nixpkgs
that referenced
this issue
Apr 7, 2019
This diff regenerates the package sets for `codimd` and `codemirror` using NodeJS 8 to get rid of the deprecated[1] `nodejs-6_x`. Additionally the following issues had to be fixed during the update: * The package `js-sequence-diagram` has been removed from the NPM registry and was replaced by a security holding package[2]. The package was published by a third-party (upstream only supports bower builds), so it's unclear whether the package will re-appear[3]. As the tarballs still exist (and the hash didn't change), the package will be loaded manually into the build env. * For the babel-related packages, `dontNpmInstall` will be set for `node2nix` installs as some of those packages bundle a `package-lock.json` that triggers `ENOTCACHED` errors for optional dependencies[4]. For now it should be sufficient to use NodeJS 8 (`codimd` v1.2.x doesn't support NodeJS 10), in the long term we probably want to use `yarn2nix` here with NodeJS 10. This is much rather a fix to get rid of another NodeJS 6 dependency. [1] `nodejs-6_x` is about to be deprecated, see NixOS#58976 [2] https://www.npmjs.com/package/js-sequence-diagrams, https://github.com/npm/security-holder [3] bramp/js-sequence-diagrams#212 [4] svanderburg/node2nix#134
10 tasks
lheckemann
pushed a commit
to NixOS/nixpkgs
that referenced
this issue
Apr 7, 2019
This diff regenerates the package sets for `codimd` and `codemirror` using NodeJS 8 to get rid of the deprecated[1] `nodejs-6_x`. Additionally the following issues had to be fixed during the update: * The package `js-sequence-diagram` has been removed from the NPM registry and was replaced by a security holding package[2]. The package was published by a third-party (upstream only supports bower builds), so it's unclear whether the package will re-appear[3]. As the tarballs still exist (and the hash didn't change), the package will be loaded manually into the build env. * For the babel-related packages, `dontNpmInstall` will be set for `node2nix` installs as some of those packages bundle a `package-lock.json` that triggers `ENOTCACHED` errors for optional dependencies[4]. For now it should be sufficient to use NodeJS 8 (`codimd` v1.2.x doesn't support NodeJS 10), in the long term we probably want to use `yarn2nix` here with NodeJS 10. This is much rather a fix to get rid of another NodeJS 6 dependency. [1] `nodejs-6_x` is about to be deprecated, see #58976 [2] https://www.npmjs.com/package/js-sequence-diagrams, https://github.com/npm/security-holder [3] bramp/js-sequence-diagrams#212 [4] svanderburg/node2nix#134 (cherry picked from commit 5feec42, PR #59118)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
It seems to contain the required built files:
Not sure if the name is a joke or something but it doesn't inspire confidence as it makes it look like the npm repo has been hacked. Is it possible to get some info about it? If it's a joke, good, but please document it.
The text was updated successfully, but these errors were encountered: