Re: [nodejs] Advice please .... risks with "no standard" manipulation of packages in node_modules

[Muhammad Wasim]

You might not be able to install it later on different environments. If you
have plans to use containers then you should not drop anything in
node_modules. It would be better if you just publish it as an npm package
and use it in your code by installing it through proper channel.

Regards,
Muhammad Wasim

On Wed, Nov 30, 2016 at 5:48 AM, Tom Fennelly 
wrote:

> Hi.
>
> I'm just wondering what might be the risks associated with manipulating
> the contents of the node_modules folder outside the normal "npm install"
> etc commands. IOW ... are there reasons why the a raw "drop in" of packages
> into the node_modules is a bad idea Vs doing it through the normal "npm
> install" mechanisms?
>
> I have a colleague proposing this basic idea as a solution to a problem we
> have (longer story that probably doesn't need airing here). For me, it just
> feels like the wrong thing to do (scares me), but my "gut feeling" is not a
> good enough reason for me to say that I think we should not consider doing
> it.
>
> So, I'd love if someone could enlighten me to the potential dangers, or if
> there's no real danger and nothing to worry about.
>
> Thanks guys.
>
> Regards,
>
> Tom.
>
> --
> Job board: http://jobs.nodejs.org/
> New group rules: https://gist.github.com/othiym23/9886289#file-
> moderation-policy-md
> Old group rules: https://github.com/joyent/node/wiki/Mailing-List-
> Posting-Guidelines
> ---
> You received this message because you are subscribed to the Google Groups
> "nodejs" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to nodejs+unsubscr...@googlegroups.com.
> To post to this group, send email to nodejs@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/nodejs/028d28c0-7566-49fb-ba5b-a57cf64178b4%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>



-- 
Regards,
Muhammad Wasim | Lead Software Engineer | Zigron Inc.
E-mail: muhammad.wa...@zigron.com
Website: www.zigron.com

-- 
Job board: http://jobs.nodejs.org/
New group rules: 
https://gist.github.com/othiym23/9886289#file-moderation-policy-md
Old group rules: 
https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
--- 
You received this message because you are subscribed to the Google Groups 
"nodejs" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to nodejs+unsubscr...@googlegroups.com.
To post to this group, send email to nodejs@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/nodejs/CAHWx-HCEvdbwW6Go2jhqVV5%3D7%3DZE9%2BshPvPrLSyV0qzJzoAg_Q%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [nodejs] Advice please .... risks with "no standard" manipulation of packages in node_modules

[Ben Noordhuis]

On Wed, Nov 30, 2016 at 1:48 AM, Tom Fennelly  wrote:
> Hi.
>
> I'm just wondering what might be the risks associated with manipulating the
> contents of the node_modules folder outside the normal "npm install" etc
> commands. IOW ... are there reasons why the a raw "drop in" of packages into
> the node_modules is a bad idea Vs doing it through the normal "npm install"
> mechanisms?
>
> I have a colleague proposing this basic idea as a solution to a problem we
> have (longer story that probably doesn't need airing here). For me, it just
> feels like the wrong thing to do (scares me), but my "gut feeling" is not a
> good enough reason for me to say that I think we should not consider doing
> it.
>
> So, I'd love if someone could enlighten me to the potential dangers, or if
> there's no real danger and nothing to worry about.
>
> Thanks guys.
>
> Regards,
>
> Tom.

In the end it's just files on disk.  If your node_modules has the
expected layout, node doesn't care if it was you or npm that put the
files there.

-- 
Job board: http://jobs.nodejs.org/
New group rules: 
https://gist.github.com/othiym23/9886289#file-moderation-policy-md
Old group rules: 
https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
--- 
You received this message because you are subscribed to the Google Groups 
"nodejs" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to nodejs+unsubscr...@googlegroups.com.
To post to this group, send email to nodejs@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/nodejs/CAHQurc-nFnNg7RA9%2BH77CfVnL5CoCYPirtEvdUzNC1CZkZ7u-g%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.