Re: [Openembedded-architecture] Status and future of npm and go support

Fri, 14 Jan 2022 06:09:24 -0800 


On 2022-01-14 06:16, Alexander Kanavin wrote:

Three possible solutions, please:


c) improve npm and go tooling in collaboration with respective upstreams 
so that it fulfils our use cases.


Both a and b are not tenable in my opinion.



100% agree.

MarkA


Alex


On Fri, 14 Jan 2022 at 11:09, Stefan Herbrechtsmeier 
<[email protected] 
<mailto:[email protected]>> wrote:


    Hi,

    the npm and go integration doesn’t support a lot of common OE
    feature like:
    * Download proxy
    * Minimize image size (packet split, single copy, dead code removal, …)
    * Software version management
    * Dependency management
    * License compliance
    * Vulnerability scanner
    * SBOM generator

    Even the `Download proxy` is only partly supported. The npm packages
    could download artifacts during compile and Go projects without vendor
    directory download dependencies during compile.

    The current state of npm and Go in OE aren’t complete, and a user need
    to setup a DevOps chain outside of OE to take over the missing parts.
    Furthermore, the DevOps chain needs its own download proxy, and npm and
    Go supports cross compile by itself, so the advantage of the OE
    integration is minimal.

    Based on my work on a npm improvement in the last months I see two
    possible solutions:
    a) Handle npm and Go projects like C/C++ or Python projects and
    create a
    recipe per project.
    b) Remove npm and Go support from OE and build artifacts via external
    DevOps chain.

    I think the best solution would be a) because it avoids user specific
    solution and allows collaboration. A solution between a) and b) isn’t
    reasonable because it doesn’t solve the problem of an additional DevOps
    chain and introduce a two-class society for languages.

    Does somebody use npm and Go and cares about the missing features?

    Any feedback, opinions or interests would be helpful.

    Regards
        Stefan








-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#1415): 
https://lists.openembedded.org/g/openembedded-architecture/message/1415
Mute This Topic: https://lists.openembedded.org/mt/88417908/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-architecture/unsub 
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-























					Reply via email to