Difference between revisions of "Node.js package guidelines"

From ArchWiki
Jump to: navigation, search
(Using npm: add security fix for packaging world-writable directories)
(change category to Category:Arch package guidelines)
 
(6 intermediate revisions by 4 users not shown)
Line 1: Line 1:
[[Category:Package development]]
+
[[Category:Arch package guidelines]]
 
[[ja:Node.js パッケージガイドライン]]
 
[[ja:Node.js パッケージガイドライン]]
 +
[[pt:Node.js package guidelines]]
 
{{Package guidelines}}
 
{{Package guidelines}}
  
Line 17: Line 18:
 
This is a minimal {{ic|package}} function:
 
This is a minimal {{ic|package}} function:
  
{{bc|
+
{{bc|<nowiki>
 
package() {
 
package() {
    cd $srcdir/$pkgname-$pkgver
+
     npm install -g --user root --prefix "$pkgdir"/usr "$srcdir"/source-tarball.tar.gz
     npm install -g --user root --prefix "$pkgdir"/usr
+
 
 
     # Non-deterministic race in npm gives 777 permissions to random directories.
 
     # Non-deterministic race in npm gives 777 permissions to random directories.
 
     # See https://github.com/npm/npm/issues/9359 for details.
 
     # See https://github.com/npm/npm/issues/9359 for details.
 
     find "${pkgdir}"/usr -type d -exec chmod 755 {} +
 
     find "${pkgdir}"/usr -type d -exec chmod 755 {} +
 
}
 
}
}}
+
</nowiki>}}
  
 
=== Setting temporary cache ===
 
=== Setting temporary cache ===
Line 32: Line 33:
  
 
Download dependencies to {{ic|${srcdir}/npm-cache}} and install them in package directory
 
Download dependencies to {{ic|${srcdir}/npm-cache}} and install them in package directory
 +
  
 
  npm install --cache "${srcdir}/npm-cache"  
 
  npm install --cache "${srcdir}/npm-cache"  
Line 37: Line 39:
 
Continue with packaging as usual
 
Continue with packaging as usual
 
  npm run packager
 
  npm run packager
 +
 +
 +
=== Package contains reference to $srcdir/$pkgdir ===
 +
 +
npm unfortunately creates references to the source dir and the pkg dir. This is [https://github.com/npm/npm/issues/12110 a known issue in NPM], and actually considered a feature. However, you may remove those reference manually, since they are not used in any way.
 +
 +
All dependendcies will contain a reference to {{ic|$pkgdir}}, in the {{ic|_where}} attribute. You can usually remove those attributes with some sed magic as follows:
 +
  find "$pkgdir" -name package.json -print0 | xargs -0 sed -i '/_where/d'
 +
 +
Your main package will have some other references too. The easiest way to remove those is to remove all underscored properties, but that is not as easy with sed. Instead, you can use {{Pkg|jq}} for similar results as follows:
 +
{{bc|<nowiki>
 +
local tmppackage="$(mktemp)"
 +
local pkgjson="$pkgdir/usr/lib/node_modules/$pkgname/package.json"
 +
jq '.|=with_entries(select(.key|test("_.+")|not))' "$pkgjson" > "$tmppackage"
 +
mv "$tmppackage" "$pkgjson"
 +
chmod 644 "$pkgjson"
 +
</nowiki>}}
 +
 +
An example of both techniques can be seen in {{AUR|bower-away}}.

Latest revision as of 18:51, 22 October 2018

Package creation guidelines

CLRCrossEclipseFree PascalGNOMEGoHaskellJavaKDEKernelLispMinGWNode.jsNonfreeOCamlPerlPHPPythonRRubyVCSWebWine

This document covers standards and guidelines on writing PKGBUILDs for Node.js packages.

Package naming

Package names should start with a nodejs- prefix.

Using npm

When installing with npm, add it as a build dependency:

makedepends=('npm')

This is a minimal package function:

package() {
    npm install -g --user root --prefix "$pkgdir"/usr "$srcdir"/source-tarball.tar.gz

    # Non-deterministic race in npm gives 777 permissions to random directories.
    # See https://github.com/npm/npm/issues/9359 for details.
    find "${pkgdir}"/usr -type d -exec chmod 755 {} +
}

Setting temporary cache

When npm processes package.json in order to build a package it downloads dependencies to its default cache folder at $HOME/.npm. To avoid littering user's home folder we can temporarily set a different cache folder with --cache flag:

Download dependencies to ${srcdir}/npm-cache and install them in package directory


npm install --cache "${srcdir}/npm-cache" 

Continue with packaging as usual

npm run packager


Package contains reference to $srcdir/$pkgdir

npm unfortunately creates references to the source dir and the pkg dir. This is a known issue in NPM, and actually considered a feature. However, you may remove those reference manually, since they are not used in any way.

All dependendcies will contain a reference to $pkgdir, in the _where attribute. You can usually remove those attributes with some sed magic as follows:

 find "$pkgdir" -name package.json -print0 | xargs -0 sed -i '/_where/d'

Your main package will have some other references too. The easiest way to remove those is to remove all underscored properties, but that is not as easy with sed. Instead, you can use jq for similar results as follows:

local tmppackage="$(mktemp)"
local pkgjson="$pkgdir/usr/lib/node_modules/$pkgname/package.json"
jq '.|=with_entries(select(.key|test("_.+")|not))' "$pkgjson" > "$tmppackage"
mv "$tmppackage" "$pkgjson"
chmod 644 "$pkgjson"

An example of both techniques can be seen in bower-awayAUR.