✨ Feature Suggestion | Use npm/yarn #1334
Labels
No Label
🔍🤖 Search Engines
approved
dependencies
duplicate
feedback wanted
high priority
I2P
iOS
low priority
OS
Self-contained networks
Social media
stale
streaming
todo
Tor
WIP
wontfix
XMPP
[m]
₿ cryptocurrency
ℹ️ help wanted
↔️ file sharing
⚙️ web extensions
✨ enhancement
❌ software removal
💬 discussion
🤖 Android
🐛 bug
💢 conflicting
📝 correction
🆘 critical
📧 email
🔒 file encryption
📁 file storage
🦊 Firefox
💻 hardware
🌐 hosting
🏠 housekeeping
🔐 password managers
🧰 productivity tools
🔎 research required
🌐 Social News Aggregators
🆕 software suggestion
👥 team chat
🔒 VPN
🌐 website issue
🚫 Windows
👁️ browsers
🖊️ digital notebooks
🗄️ DNS
🗨️ instant messaging (im)
🇦🇶 translations
No Milestone
No Assignees
1 Participants
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: privacyguides/privacytools.io#1334
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
At the moment we just have Font Awesome, Bootstrap, jQuery and other
JavaScript files just being uploaded to repository. It makes updating and
managing it a bit harder and also makes repository a bit bloated, as binary
and minified files diff bad.
My suggestion is to use yarn or npm for managing JavaScript/CSS/Font
dependencies. I like myself yarn more than npm, so that's what I recommend.
Yes, that will introduce more tooling, but with a good
CONTRIBUTING.md
itshould be easy for new contributors.
I am fine with doing all the work required.
Hmm okay, so to clarify we'd rely on npm or yarn for managing our external JS dependencies, something like?
Also worth calling out is the past security issues with npm packages and how packages become insanely deep. In regards to the depth "issue," I usually like pnpm:
In regards to security, we'd probably want to later look into npm audit, yarn audit, Snyk, or Greenkeeper for ideas how to make sure we can deal with security issues quickly that come up for any dependency. I'm likely overthinking right now but it's best to mention this I think.
And regardless, using a package manager makes sense for maintainability in the long-run plus being able to update package versions easier. And an easy-to-follow
CONTRIBUTING.md
would be great so that new developers won't get tripped up with this when they want to contribute to the repo.Yes.
Maybe I'm wrong, but isn't Yarn's Plug'n'Play the solution?
https://yarnpkg.com/lang/en/docs/pnp/
Whoa, TIL thx for sharing 👍🏼 Looks like that can work.
A comment I made in our Wire team chat: