> > The project is responsible for the 3rd party components/libraries it uses > I try to check the license of JS components (but not their trees)
Re license checking, we could explore using: https://www.npmjs.com/package/license-checker => to automate license checks. That might be quite useful, especially once more dependencies are added. Also other build/checks improvements: Linting JS code - Also what would be good would be to add a linter: https://www.npmjs.com/package/lint => To automate checks for JS formatting. E.g. forgetting to replace whitespaces with tabs :) A linter can help a lot. And it is very easy to set up. Bundling/minify CSS and add linter using NPM: various NPM plugins available to do it, eg https://www.npmjs.com/package/css-loader => NPM can also be used to bundle the CSS files => This has also the advantage that you can use the linter to make sure CSS formatting is good => This also has the advantage that you can use further clever ways to optimise the CSS (https://sass-lang.com/) this might be dangerous since we have no frontend tests :( => We should be able to add JavaScript unit tests using Jest: https://jestjs.io/ => And integrate + automate it into our NPM build process https://www.npmjs.com/package/jest If I'm not mistaken there was discussion > Will try to search archives (no ETA unfortunately :(( ) => Let's maybe fix a few of the above and then we can contact @infra. At the moment I think there is a few things we can do without ASF support Thanks Seb Sebastian Wagner Director Arrakeen Solutions, OM-Hosting.com http://arrakeen-solutions.co.nz/ https://om-hosting.com - Cloud & Server Hosting for HTML5 Video-Conferencing OpenMeetings <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url> <https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url> On Fri, 8 Oct 2021 at 05:30, Maxim Solodovnik <solomax...@gmail.com> wrote: > (moving to dev@) > > On Thu, 7 Oct 2021 at 03:59, seba.wag...@gmail.com <seba.wag...@gmail.com> > wrote: > > > +1 > > > > In the long run I am interested in how NPM fits with the Apache > Foundation. > > But maybe that is something to raise with @legal and @infra: > > - Current vetting of licenses is based heavily on maven (e.g. > maven-rat), > > how will that translate into NPM? > > > > The project is responsible for the 3rd party components/libraries it uses > I try to check the license of JS components (but not their trees) > > - NPM ecosystem is considered a lot more volatile than Maven. A lot more > > changes in a shorter period of time. Would probably mean even tighter > > governance on making sure licensing is considered > > > > We are (semi)manually updating versions > this might be dangerous since we have no frontend tests :( > > - Same for managing dependencies: ASF has a Maven repo, but no NPM > > repo/mirror. Are there any plans at ASF to establish a NPM mirror, or are > > we proposing npmjs is what projects should use and publish to? > > > > If I'm not mistaken there was discussion > Will try to search archives (no ETA unfortunately :(( ) > > > > > There is actually an Incubating project that is purely publishing > themself > > as NPM module: > > https://annotator.apache.org/docs/ > > as well as > > https://cordova.apache.org/ publishes NPM packages > > as well as > > https://apache.github.io/royale-docs/get-started/royale-cli > > > > So we are not the very first project using it. But I expect more projects > > in the future. > > > > Thanks > > Seb > > > > Sebastian Wagner > > Director Arrakeen Solutions, OM-Hosting.com > > http://arrakeen-solutions.co.nz/ > > https://om-hosting.com - Cloud & Server Hosting for HTML5 > > Video-Conferencing OpenMeetings > > < > > > https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url > > > > > < > > > https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url > > > > > > > > -- > Best regards, > Maxim >