On Mon, 21 Aug 2017 18:03:02 +0200, Ross Gammon <javascr...@the-gammons.net> 

> Anyway - if we instead separately packaged a different version of a
> node module, where would it be installed? Do we have to patch all
> reverse dependencies of the module so it uses the right version at
> runtime (when both versions might be installed), or can we rely on
> some PATH trickery?

That's what I was trying to get opinions on in my original message.  I
think the sanest method is to use symlinks within the node_modules
directory.  So, for example, if foo (which is in /usr/lib/nodejs/foo)
uses bar API version 2 (which is in /usr/lib/nodejs/bar2), then
/usr/lib/nodejs/foo/node_modules/bar would be a symlink to
/usr/lib/nodejs/bar2.  Then when foo does a "require("bar");" then Node
will find /usr/lib/nodejs/foo/node_modules/bar, follow the symlink, and
use the right version.

I can understand the need in some certain situations to embed code
copies, but I think that those should be treated as the exception rather
than the rule.  (FWIW, I maintain a package in C/C++-land that does
embed code (because at the time it was originally written, a proper
library wasn't written yet, though some day I'd like to push a patch
upstream to make it use the now-written library), and I can say that
security support for it is a huge pain.  So I can sympathize with
maintainers who are placed in such unpleasant situations.)

Hubert Chathi <uho...@debian.org> -- https://www.uhoreg.ca/
Jabber: hub...@uhoreg.ca -- Matrix: @uhoreg:matrix.org
PGP/GnuPG key: 4096R/F24C F749 6C73 DDB8 DCB8  72DE B2DE 88D3 113A 1368

Pkg-javascript-devel mailing list

Reply via email to