I think the path of least resistance would be to follow the Node way and to patch dependencies on the application port level.
Two different applications are likely to have very different dependency graphs given how tiny and fast changing some modules are. Worst case scenario, we'll end up copying patches between ports (which would be a good sign that something is wrong with the upstream). Another interesting problem is fixing the versions of the dependencies so that the port build is reproducible. And from my experience "npm shrinkwrap" doesn't always work. Taking a step back, isn't the ultimate goal just making all the important modules installable on OpenBSD from npm? On Wed, Jul 9, 2014, at 02:13 AM, Andrew Fresh wrote: > I've been working more on making it easier to port node things, but have > run into a bit of a conundrum on best practices. > > Node has very interesting ways in which it installs dependencies. > > https://www.npmjs.org/doc/files/npm-folders.html > > While it will look in ${PREFIX}/lib/node_modules for things, if the > version there doesn't happen to match what it is hoping for, or for some > other reason I don't understand yet, NPM will download and install a > different version into > ${PREFIX}/lib/node_modules/${module}/node_modules. > > I'm not quite sure what to make of this or how to handle it. > > The Node community seems to think that installing multiple copies is a > reasonable solution, "It's fine, really. They're tiny JavaScript > programs". > > http://blog.nodejs.org/2011/03/23/npm-1-0-global-vs-local-installation/ > > > > My current idea is to figure out how to force all the dependences that > don't come with node itself into .../$module/node_modules and add these > as additional DISTFILES that we can convince NPM to use. > > > I believe this way we would target installing node applications rather > than development libraries, if someone wishes to develop in node, they > would likely be using npm to directly install their exact dependencies > into their local environment anyway instead of using the package tools. > > > One downside I can see right now is the size of node packages will get > bigger and if you install many node apps there may be a bunch of > duplicate code in /usr/local/lib/node_modules/*/node_modules. > > The biggest problem is that this makes patching dependencies difficult, > that is, if multiple node apps depend on node-pg, while we needed > patches for it, those patches would have been hard to handle > automatically. > > > How do other people handle these sorts of dependencies, specifically > with node-keybase? > > > l8rZ, > -- > andrew - http://afresh1.com > > The power!!!! The nightmares!!!! The strange medication!!!!!!!! >
