poet-js
poet-js copied to clipboard
poetapp
Research how to avoid node-gyp native build
Dependency https://github.com/digitalbazaar/jsonld.js has a dependency on https://github.com/digitalbazaar/rdf-canonize (a feature we use to build claims)
https://github.com/digitalbazaar/rdf-canonize#nodejs--npm states:
NOTE: This package has an optional dependency on rdf-canonize-native. If native build tools are not available then the native bindings will fail to build and only the JavaScript implementation will be used. If you wish to ensure you get the higher performance of the native code, and want to ensure build failures will not be ignored, then you should also add a dependency on rdf-canonize-native to your project.
If the native bindings fail to build, npm exits with a non-zero status, which breaks our CI. For libraries not performing canonization, possibly using npm --no-optional would resolve this, but apparently npm has had issues with that flag that they've fixed at least twice.
Research required.
we have set the option --no-optional with false in all repositories in the file .npmrc
for example: https://github.com/poetapp/poet-js/blob/master/.npmrc
Thinking a bit more about this... I think native dependencies are only available in the context of Node JS. When running in the browser, we probably don't want to build using native dependencies.
So even if we somehow got around the Netlify / whatever limitation... it's possible that then the application would fail at run time, since the browser allows no access to native libraries.
In other words: how do we use JSON-LD in the browser?
@geoffturk I'd like to come back to this asap, because if we find out we can't use JSON-LD in the browser at all... that's a limitation better known sooner rather than later.
It's in the current milestone, so feel free to get to the bottom of it as soon as you can.
more in depth, I did this research about the behavior of --no-optional
First I created a project npm
mkdir test-native
cd test-native
npm init --yes
after that I installed the pakcages rdf-canonize and jsonld but one at a time
Fist with rdf-canonize
npm i --no-optional rdf-canonize
in this case the optional packages was omitted, that's fine
after I tried the same with npm i rdf-canonize
in this case the optional packages was installed, that's fine
now, I did the same with jsonld, previous I deleted the node_modules and the package-lock
npm i --no-optional jsonld
in this case the optional packages was installed, that's wrong, I was waiting that omit the optional package.
The expected behavior is that NPM has to omit optional packages with the deep packages also.
Why would the browser require jsonld or jsonld-signatures?
On another note, I played around with making jsonld-signatures optional in the poet-js library. Running npm -i --no-optional still build the optional package. I'll try to make both jsonld and jsonld-signatures optional.
Why would the browser require jsonld or jsonld-signatures?
We could sign claims right there in the browser with metamask in the future. Not in the roadmap, but I do want to know if it's at all possible or straight off the table.
Also: we keep some things in Po.et JS that are shared by different projects and could be used in both browserland and nodejs. It may make sense to move this stuff out of Po.et JS, but I'd rather know sooner rather than later whether we need to limit Po.et JS to JSON-LD related stuff only and keep anything else in another package.
IMO the conclusion of this research should be one of:
- find out we're doing something wrong and fix it,
- find out there's a bug in json-ld, rdf-canonize or another 3rd party library and report it,
- find out there's a bug in npm and report it,
- find out this is all by design and using JSON-LD in browsers is impossible and that we need to limit the scope of Po.et JS.