I've always been in favour of a global package registry but I seem to be in a minority here (or I was a year ago).
-ash
https://github.com/cadorn/pinf/blob/master/docs/Design/Foundation.md
To use packages from this system I envision the following:
[JS Engine] -> [CommonJS Platform] -> [PureJS PM] -> [User Program]
Depending on the implementation of the [PureJS Package Manager] (I'll
provide one), package dependencies can be made available on a package
basis or on a global basis as you desire.
At this stage I am leaning towards building the PM on top of nodules for
completely transparent dependency resolution (without installation
step). If compilation of a depdnency is required a program could be
"primed" before it is run.
Christoph
--
You received this message because you are subscribed to the Google Groups "CommonJS" group.
To post to this group, send email to comm...@googlegroups.com.
To unsubscribe from this group, send email to commonjs+u...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/commonjs?hl=en.
* for a registry standard
* for package management solutions that support multiple registries
* against having one registry to rule them all
* against having a registry that couples global package names to local
module identifiers
I support the notion of a CommonJS registry. However, I think that a
registry format and implementation have to prove themselves and meet
the above criteria before I would be willing to support it. I also
would insist that inclusion in the registry be carefully curated. The
question then is "who" would curate it and what principles would they
follow.
* achieving unanimous support for packages on CommonJS would be
impractical since it would be likely to proceed at the same pace as
standards development.
* achieving a quorum on CommonJS is difficult because it's unclear who
the voting membership would consist of.
* CommonJS could delegate authority to manage the registry to a
committee, but the would involve more process and procedure than is in
keeping with the spirit of our organization.
* the principles of a single package registry curator are unlikely to
be representative of the wide variety of stances held by CommonJS
proponents.
Summarily, I think that per-implementation registries like NPM's will
be necessary and a CommonJS registry would not be inclusive enough to
be sufficient. I think it would be useful to have a CommonJS registry
and for all implementations to include it in their multi-registry
package management solution, but such an initiative is presently
premature.
Kris Kowal
A system that has no level of indirection between registry package names
and names used in program code.
i.e. This is insufficient:
http://registry.org/packages/foo
pm add registry http://registry.org/packages/
pm install foo
require("foo/bar")
It should be more like:
pm install http://registry.org/packages/foo
package.json ~ {
"mappings": {
"myfoo": "http://registry.org/packages/foo"
}
}
require("myfoo/bar")
Christoph
Right.
> i.e. This is insufficient:
>
> http://registry.org/packages/foo
>
> pm add registry http://registry.org/packages/
> pm install foo
>
> require("foo/bar")
>
>
> It should be more like:
>
> pm install http://registry.org/packages/foo
>
> package.json ~ {
> "mappings": {
> "myfoo": "http://registry.org/packages/foo"
> }
> }
>
> require("myfoo/bar")
However, it would also be sufficient for there to be explicit
references to a common registry, and even an implied registry for a
particular package manager. Ergo,
package.json ~ {
"dependencies": {
"myfoo": "thei...@1.0.0"
}
}
Or more explicitly:
package.json ~ {
"dependencies": {
"myfoo": "thei...@1.0.0"
},
"registry": "http://example.org/registry/"
}
Or even more explicitly if need be:
package.json ~ {
"dependencies": {
"myfoo": "http://example.org/registry/thei...@1.0.0"
},
}
Or words and schema to that effect.
Kris Kowal
Avoid naming conflicts if two different packages with the same name are
used from two different registries.
Christoph
It solves the problem of a single opinion prevailing against other
opinions in a situation where politics could be entirely avoided.
Without indirection, a registry represents an opinion about how
modules should be named in all programs that subscribe to that
registry. The NPM registry's opinion is that the absolute names of
modules used in every program in that ecosystem should be reserved on
a first-come-first-served basis. The Tusk opinion is that these names
should be subject to minimal review to ensure consistency. A CommonJS
registry's opinion would probably be based on voting. All of these are
valid opinions and developers should not be forced to subscribe to any
single one. They should be given autonomy of the nomenclature used in
their package so as to avoid name conflicts across registries.
Kris Kowal
This amounts to CommonJS dictating an opinion about absolute module
identifiers, and I just don't see it flying. That particular ship has
sailed. There are already many opinions codified on the absolute
module name space. What we need is flexibility to accommodate them.
Kris Kowal
FYI: Npm indexes modules by name only and does not include an author prefix:
e.g. http://registry.npmjs.org/Spec_My_Node/-/Spec_My_Node-0.0.2.tgz
In my view dependencies should be declared on a package basis and
modules required via an alias prefix for the package.
All CommonJS programs and libraries (grouping multiple modules) should
have a package.json indicating name, license, author etc... if
distributed online.
You can of course write your own loader that loads individual modules,
but when looking at:
require("npm/khs4473/flyscript/0.1/main");
where is the package/module boundary and where do you download the
module from? If you look back in the package and dependency discussions
a lot of these issues were brought up. Hence the mappings/C spec in its
current form.
Christoph
a package is a collection of related modules and possible other resources (templates,images,scripts, etc) where as a module is just a single js file.
-ash
> The only sane thing to do is to have a global
> module namespace.
The only sane global name space is URL's.
Kris Kowal
The original purpose of require2 was to have a distinct separation
between a package identifier and a module identifier which is needed
when using URL likes.
i.e. require("foo", "registry.org/packages/a-package");
Since then it has been decided to use package mappings to accomplish the
same with a one-term prefix on the module ID:
package.json ~ {
"mappings":
"my-package": {
"location": "http://registry.org/packages/a-package/"
}
}
}
require("my-package/foo");
If the prefix does not match the module is to be looked up on the global
system namespace.
I just posted on the requirejs list to get this working in the browser
as well [1].
This will allow you to run the same set of packages and modules on
browser and server without having to think about ID issues and sacrifice
in the area of transitive dependencies.
Christoph
[1] -
http://groups.google.com/group/requirejs/browse_thread/thread/f934c7aaf8683c41