On 02/25/18 05:37, Marcin Cieslak wrote:
Yes, this is my private port that I am using to produce FreeBSD binaries
for node-sass. Getting binary npm modules into our ports tree is another
conversation.
The problem here is that a whole thing worked for me before for months
so I am aware of all those limitations for particular build phases
(it took me long to figure out that).
npm is an extremely volatile technology. Some package might work now,
and then break in a week due to a dependency package update.
It continuously automatically updates files that are downloaded as
dependencies.
NodeJS is largely incompatible with the FreeBSD ports system because of
this volatility.
NodeJS is also a very insecure technology. It brings files directly from
github without any vetting. So if somebody will update some github
package with malware, it is extremely likely that next day this malware
will end up on your production servers. There is nobody in between, you
have to always trust hundreds of parties.
Yuri
_______________________________________________
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
