Control: reassign -1 node-postcss-selector-parser

On 2/10/23 01:35, Christopher Hagar wrote:
Package: npm
Version: 9.2.0~ds1-1
Severity: normal
X-Debbugs-Cc: cmha...@gmail.com

After recent changes in npm and node-css-loader (node-postcss-selector-parser),
installing npm installs webpack and 200+ other node-related packages.

Given that npm is a package manager, it should not require so many
dependencies.

Moreover, npm is for installing packages outside of the Debian package manager!
It should not bring in tons of Debian packages that will never be used.

Debian Policy says that Depends declares an "absolute dependency". Recommends
declares a "strong, but not absolute, dependency". Suggests declares that a
package "may be more useful with one or more others". And it is possible there
should be no dependency relationship of any kind for npm depending on webpack.

Hi,

if you install upstream npm, you'll have hundreds of packages in npm/node_modules (around 200 MB). The way chosen in Debian is to reuse modules that already exist in Debian (and then drop them from npm). So yes, there are a lot of dependencies but /usr/share/nodejs/npm (and related dirs like @npmcli/) contains only 3 MB including /usr/share/nodejs/npm/node_modules/.

Anyway npm doesn't need webpack.
Link between npm and webpack:
 - npm requires node-postcss-selector-parser (for @npmcli/query)
 - node-postcss-selector-parser requires node-css-loader because it
   requires node-indexes-of which is a virtual package provided by
   node-postcss-selector-parser
 - node-css-loader requires webpack

So the bug is in node-postcss-selector-parser; it may embed indexes-of, which is a 5-line module, instead of depending on node-css-loader.
