Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [incubation] Publishing to npm and handling of CQs for npm/nodejs dependencies

Hi Thomas,

 

If you are using webpack for bundling, you could hook into the compiler to get all used (and only those) production assets.

Some time ago, I created a plugin [1] for unide (type b) [2]. That will also list transitive assets, as long as they provide their source and not pre-compiled and bundled distributions. It also zips the necessary files + license text for the CQs.

Due to a lack of other automation, I had used js unit tests to create CQs from the generated json list. I guess that’s not the recommended way.

 

For webpack 4+, you might have to change “compiler.plugin('emit', (compilation, callback) => {})” to “compiler.hooks.emit.tapAsync('license-plugin', async(compilation, callback) => {})”

 

[1] https://github.com/eclipse/unide/blob/master/clients/binsa/conf/webpack-license-plugin.js

[2] https://projects.eclipse.org/projects/iot.unide/releases/0.2.0

 

Mit freundlichen Grüßen / Best regards

Axel Meinhardt

Technical Lead PPM Ecosystem (BCI/ECM2)
Bosch Software Innovations GmbH | Ullsteinstr. 128 | 12109 Berlin | GERMANY | www.bosch-si.com


Sitz: Berlin, Registergericht: Amtsgericht Charlottenburg; HRB 148411 B
Aufsichtsratsvorsitzender: Dr.-Ing. Thorsten Lücke; Geschäftsführung: Dr. Stefan Ferber, Michael Hahn, Dr. Aleksandar Mitrovic



From: incubation-bounces@xxxxxxxxxxx <incubation-bounces@xxxxxxxxxxx> On Behalf Of Jaeckle Thomas (INST/ECS1)
Sent: Dienstag, 27. August 2019 09:35
To: Discussions for new Eclipse projects <incubation@xxxxxxxxxxx>
Subject: [incubation] Publishing to npm and handling of CQs for npm/nodejs dependencies

 

Hi incubation list.

 

We, the Eclipse Ditto project [1], are currently working on an initial _javascript_ client [2] for our backend.

We would like to publish/release that to npm and are now wondering if there are processes/guides/best practices on how to publish modules to npm.

 

And, in addition: what is the process of creating CQs for npm dependencies we use in our client?

I saw some CQs which just provide their “package.json” along with all the sources of the dependencies from “node_modules” which npm creates, e.g. [3] or [4]

While that is a really simple way, when doing that we have no chance of reusing/piggybacking on already approved npm dependencies.

On the other side I see that it is really crazy how much transitive dependencies are pulled from some npm modules.

 

Also, all npm depdencies CQs I saw were “Type A” and our project is currently a “Type B” project and we would like to keep it that way.

 

Any advice/guidance or experience is much appreciated :-)

 

 

[1] https://www.eclipse.org/ditto/

[2] https://github.com/eclipse/ditto-clients/issues/2

[3] https://dev.eclipse.org/ipzilla/show_bug.cgi?id=17757

[4] https://dev.eclipse.org/ipzilla/show_bug.cgi?id=20490

 

 

Mit freundlichen Grüßen / Best regards

Thomas Jaeckle

Engineering Cloud Services 1 Bosch IoT Things (INST/ECS1)
Bosch Software Innovations GmbH | Ziegelei 7 | 88090 Immenstaad | GERMANY | www.bosch-si.com


Sitz: Berlin, Registergericht: Amtsgericht Charlottenburg; HRB 148411 B
Aufsichtsratsvorsitzender: Dr.-Ing. Thorsten Lücke; Geschäftsführung: Dr. Stefan Ferber, Michael Hahn, Dr. Aleksandar Mitrovic


 

Back to the top