rfcs
rfcs copied to clipboard
npm
Public change requests/proposals & ideation
## Motivation ("The Why") There are a number of tools, and a few RRFCs issues here (https://github.com/npm/rfcs/issues/190, https://github.com/npm/rfcs/issues/610 and https://github.com/npm/rfcs/issues/548) that relate to running scripts in series, parallel, etc. The...
## Motivation ("The Why") At the moment npm audit does not seem to take into account the origin source of a package when delivering alerts. This results in alerts which...
## Motivation ("The Why") I found two packages that ship Readme.md, `chalk` and `commander.js`. If we stop shipping Readme.md, we can save `631GB` and `1.3TB` per week of bandwidth for...
## Motivation ("The Why") I got this idea from [a github issue](https://github.com/npm/feedback/discussions/579). ### Example I am proposing that we add a sorting algorithm for ordering the graph traversal of npm...
## Motivation ("The Why") There are a number of tools, and RRFCs (https://github.com/npm/rfcs/issues/190, https://github.com/npm/rfcs/issues/610 and https://github.com/npm/rfcs/issues/548, https://github.com/npm/rfcs/issues/691) that relate to running scripts in series, parallel, etc. I opened https://github.com/npm/rfcs/issues/691 as...
## Motivation ("The Why") When developing in a docker environment, rebuilding images and installing dependencies can be quite slow. Using best practices it is recommended to have a docker file...
I'm adding a new rfc that would add topological sorting to graph operations that npm implements for workspaces. This would ensure that dependencies are always operated on before their dependents....
## Motivation ("The Why") Many npm packages contain invalid ESM, which makes Node.js choke. The situation is quite bad, as described in https://github.com/nodejs/node/issues/46074. ### Example For example, the npm package...
## Introduction I acknowledge that this text might be not complete or formal enough. I posted it here so I can gather early feedback before putting in all the extra...
## Motivation ("The Why") When a vulnerability is introduced to an npm package, it takes at least several days to discover the vulnerability and to report the vulnerable release to...
