watch npm registry not github

[simevo]

trafficstars

we have been bitten by an issue where a version had been tagged on github but not released on npm registry: http://bugs.debian.org/892656

would it make sense to have npm2deb generate a watch file to track versions when they have been pushed to npm registry rather than simply tagged in the upstream repo ?

[guimard]

Hello,

npm2deb prefers GitHub tags when exists else falls to npmregistry. When using npmregistry, often source and test files are missing and we can not provides a good package. Tracking both tags and registry isn't a good idea since they does not provide the same source.

So I think the npm2deb behavior must not be changed in this way : uscan has 2 jobs, survey upstream changes (deb infrastructure) and download (DD). I think the best way to solve this is to have either:

• a separate cron script that will survey npmregistry
• a new uscan feature: a "surveyonly" option in debian/watch lines that permits to declare 2 URL, but use only one for upgrading. Example:

version=4

opts=\
dversionmangle=auto\
filenamemangle=s/.*\/v?([\d\.-]+)\.tar\.gz/node-define-property-$1.tar.gz/ \
 https://github.com/jonschlinkert/define-property/tags .*/archive/v?([\d\.]+).tar.gz debian

opts="searchmode=plain,surveyonly" \
 https://registry.npmjs.org/define-property \
 https://registry.npmjs.org/define-property/-/define-property-(\d[\d\.]*)@ARCHIVE_EXT@ debian

[simevo]

another option could be to use npm registry just to get the released version, and the repo tag for the tarball

[shanavas786]

Isn't is what we do now ?