rfcs
rfcs copied to clipboard
npm
Public change requests/proposals & ideation
Feature Request: npm update : output summary of packages updated and (if available) changelog url
`npm update` doesn't output what it's updated so you have to do `npm outdated` first, then google each package for changelog or changes or blog posts it would be nice,...
### Currently, workspaces only support semver-range version specifiers in order to link a pkg: Semver ranges when used as version specifiers are primarily used to fetch packages from the configured...
## Motivation ("The Why") I have `npm-shrinkwrap.json` in both `.gitignore` and `.npmignore` on basically all of my repos. However, I unknowingly broke `ls-engines` when I published it, not realizing that...
## Motivation ("The Why") Some libraries are using `devDependencies` that are required to be downloaded in the new project another person may create. Use case: I'm using the [open layer](https://www.npmjs.com/package/ol)...
[edit] This RFC is very old, some progress on developing the idea led to a Collab Space in OpenJSF and this format proposal: https://github.com/openjs-foundation/pkg-vuln-collab-space/pull/11 Was: npm audit resolve Updated to...
## Motivation ("The Why") For example, https://github.com/npm/cli/issues/4311#issuecomment-1030707030 - when the *first* (ever, or first locally on a project without a lockfile) install fails, there's no lockfile and no node_modules, and...
## Motivation ("The Why") I want to know if and how a dep `foo` came to be in my tree - but, i want to ignore dev deps. ### Example...
## Motivation ("The Why") We are moving from a non-workspace repository to using the workspaces feature. Previously we had two workspaces like `workspace-a/package-lock.json` and `workspace-b/package-lock.json`. When we add these as:...
# UPDATE: Full-fledged RFC: [link](https://github.com/KilianKilmister/rfcs/blob/latest/accepted/0000-peer-overrides.md) PR has been filed: (#210) POC implementation in arborist fork: [link](https://github.com/KilianKilmister/arborist/) Any further discussion should be situated un those. getting ready to close this issue...
There's been an interest [expressed](https://overreacted.io/npm-audit-broken-by-design/) in the ecosystem of having some form of counterclaim for advisories surfaced by `npm audit`. There's been some discussion of a potential counterclaim mechanism for...
