(moving to dev@) On Thu, 7 Oct 2021 at 03:59, [email protected] <[email protected]> wrote:
> +1 > > In the long run I am interested in how NPM fits with the Apache Foundation. > But maybe that is something to raise with @legal and @infra: > - Current vetting of licenses is based heavily on maven (e.g. maven-rat), > how will that translate into NPM? > The project is responsible for the 3rd party components/libraries it uses I try to check the license of JS components (but not their trees) - NPM ecosystem is considered a lot more volatile than Maven. A lot more > changes in a shorter period of time. Would probably mean even tighter > governance on making sure licensing is considered > We are (semi)manually updating versions this might be dangerous since we have no frontend tests :( - Same for managing dependencies: ASF has a Maven repo, but no NPM > repo/mirror. Are there any plans at ASF to establish a NPM mirror, or are > we proposing npmjs is what projects should use and publish to? > If I'm not mistaken there was discussion Will try to search archives (no ETA unfortunately :(( ) > > There is actually an Incubating project that is purely publishing themself > as NPM module: > https://annotator.apache.org/docs/ > as well as > https://cordova.apache.org/ publishes NPM packages > as well as > https://apache.github.io/royale-docs/get-started/royale-cli > > So we are not the very first project using it. But I expect more projects > in the future. > > Thanks > Seb > > Sebastian Wagner > Director Arrakeen Solutions, OM-Hosting.com > http://arrakeen-solutions.co.nz/ > https://om-hosting.com - Cloud & Server Hosting for HTML5 > Video-Conferencing OpenMeetings > < > https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url > > > < > https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url > > > > -- Best regards, Maxim
