Hi,

the npm and Go integration doesn’t support a lot of common OE features like:
* Download proxy
* Minimize image size (packet split, single copy, dead code removal, …)
* Software version management
* Dependency management
* License compliance
* Vulnerability scanner
* SBOM generator

Even the `Download proxy` is only partly supported. The npm packages could download artifacts during compile, and Go projects without a vendor directory download dependencies during compile.

The current state of npm and Go in OE isn’t complete, and a user needs to set up a DevOps chain outside of OE to take over the missing parts. Furthermore, the DevOps chain needs its own download proxy, and npm and Go support cross-compiling by themselves, so the advantage of the OE integration is minimal.

Based on my work on an npm improvement in the last months, I see two possible solutions: a) Handle npm and Go projects like C/C++ or Python projects and create a recipe per project. b) Remove npm and Go support from OE and build artifacts via an external DevOps chain.

I think the best solution would be a) because it avoids user-specific solutions and allows collaboration. A solution between a) and b) isn’t reasonable because it doesn’t solve the problem of an additional DevOps chain and introduces a two-class society for languages.

Does somebody use npm and Go and care about the missing features?

Any feedback, opinions or interests would be helpful.

Regards
  Stefan