Haha yeah - just ping the people in your company directory Carlos for some advice :) Maybe they can even update the licenses just for you ;)
On Mon, Oct 5, 2015 at 7:43 PM, Carlos Santana <[email protected]> wrote: > Also express is sponsored by StrongLoop which I heard recently got acquired > by a big company where a bunch of cool engineer work at ;-p > > On Mon, Oct 5, 2015 at 10:38 PM Carlos Santana <[email protected]> wrote: > >> Yeah, that was my question since I was aware of the heavy list of packages >> use by express was wondering any red flags that license check catch and >> what was the outcome of further investigation. >> >> I just also did a quick review and no red flags I saw. But again i'm not a >> lawyer :-) >> >> >> On Mon, Oct 5, 2015 at 10:30 PM Tim Barham <[email protected]> >> wrote: >> >>> Oh, regarding the legal aspect... >>> >>> I can 'coho check-license', and didn't encounter any issues. It flagged >>> two packages under express: >>> >>> * 'ms' (a millisecond conversion utility) which has no license file or >>> license entry in package.json, but on investigation is released under the >>> MIT license (in the README). >>> * 'inherits', which is released under the ISC license (which a lot of our >>> dependencies are - we just haven't added it to the acceptable license list). >>> >>> So I feel ok about that aspect. Most of those 43 modules are actually, >>> technically, part of Express (or very closely related to it). >>> >>> Tim >>> >>> -----Original Message----- >>> From: Tim Barham >>> Sent: Monday, October 5, 2015 7:15 PM >>> To: '[email protected]' <[email protected]> >>> Subject: RE: [DISCUSS] cordova-serve 0.2.0 release >>> >>> Yeah... This is a philosophy of the Express guys - they keep packages >>> really small, and have more packages. Basically, their philosophy is that >>> each package should only define one discrete piece of functionality, in a >>> single source file. As soon as that file gets too big or there is a feeling >>> that functionality should be extracted into another file, that becomes >>> another package. >>> >>> This results in a lot of packages, but they're all really tiny. Do we >>> consider that (the number of packages) a problem? >>> >>> -----Original Message----- >>> From: Carlos Santana [mailto:[email protected]] >>> Sent: Monday, October 5, 2015 6:54 PM >>> To: [email protected] >>> Subject: Re: [DISCUSS] cordova-serve 0.2.0 release >>> >>> Tim you realize that by bringing in "express" as a dependency to cordova >>> cli you are bringing a 43 other npm packages? >>> >>> Did you or your team did a quick assessment on how healthy legally >>> speaking on the complete set of dependencies? >>> ⛄ $ npm install express 1>/dev/null && find node_modules/express | grep >>> package.json | wc -l >>> 43 >>> >>> I would also be concern about size, we had problems in the past where >>> dependencies includes fixtures and this added considerable file size to >>> cordova-cli I check and it's small 1.7mb, so no problem there. >>> >>> ⛄ $ du -sh node_modules/express/ >>> 1.7M node_modules/express/ >>> >>> >>> On Mon, Oct 5, 2015 at 1:29 PM Steven Gill <[email protected]> >>> wrote: >>> >>> > I'd rather we bump the major and get out of 0.x.x land. >>> > On Oct 5, 2015 9:58 AM, "Tim Barham" <[email protected]> wrote: >>> > >>> > > If the version is 0.x.x, then bumping the minor version is treated >>> > > as a breaking change (by npm/semver) - the idea is that until >>> > > version 1.0.0, things are still in flux. >>> > > >>> > > That said, I'm happy to call it 1.0.0 if that's preferable. >>> > > >>> > > -----Original Message----- >>> > > From: Steven Gill [mailto:[email protected]] >>> > > Sent: Monday, October 5, 2015 9:01 AM >>> > > To: [email protected] >>> > > Subject: Re: [DISCUSS] cordova-serve 0.2.0 release >>> > > >>> > > Why not 1.0.0 if it is breaking >>> > > On Oct 4, 2015 5:22 PM, "Tim Barham" <[email protected]> >>> wrote: >>> > > >>> > > > Hi all... Yesterday I submitted a PR that was a bit of a rework to >>> > > > cordova-serve - previously it had essentially been a direct port >>> > > > of what was in cordova-lib's 'serve' command and cordova-browser, >>> > > > with a couple of hooks to customize functionality. Yesterday's PR >>> > > > changes it to use ExpressJS for the grunt-work (which simplifies >>> > > > the code a lot), and removes those hooks in favor of the ability >>> > > > to attach Express middleware (a breaking change, which will >>> > > > require the next release to be bumped to 0.2.0). If anyone who has >>> > > > an opinion about this could take a look and provide feedback, >>> that'd be great. >>> > > > >>> > > > Once I've merged it, I'd like to start a vote thread for an >>> > > > updated release of cordova-serve containing this change for a >>> > > > couple of >>> > reasons: >>> > > > >>> > > > * I have the corresponding changes for cordova-browser and >>> > > > cordova-lib ready to go, but I can't get them in until we release >>> > > > the updated cordova-serve module. >>> > > > * I have another module that uses cordova-serve that I'd like to >>> > > > switch over to the ExpressJS version. >>> > > > >>> > > > Thanks! >>> > > > >>> > > > Tim >>> > > > >>> > > > >>> > > > ------------------------------------------------------------------ >>> > > > --- To unsubscribe, e-mail: [email protected] >>> > > > For additional commands, e-mail: [email protected] >>> > > > >>> > > > >>> > > >>> > > -------------------------------------------------------------------- >>> > > - To unsubscribe, e-mail: [email protected] >>> > > For additional commands, e-mail: [email protected] >>> > > >>> > >>> >> --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
