Prevent automatic global installation of wasm-pack

[ThisIsMissEm]

Installing software globally on a developers' machine as a side-effect of using a webpack plugin is generally a bad idea, especially when they are not informed that this will take place. Instead, it's better to provide instructions as to how someone can install the relevant software, and allow a user to choose.

Automatic installation can also be problematic in certain CI environments where there are stricter security requirements.

This automatic installation was added in: https://github.com/wasm-tool/wasm-pack-plugin/commit/aea762a0cfa0d6a6afa22fb39691f47b989d9281

[wleslie]

Actually I'm unsure why wasm-pack-plugin can't just declare an ordinary dependency on wasm-pack in its package.json file, instead of either (a) downloading/installing it automatically, or (b) making the user do it manually.

[ThisIsMissEm]

You could, but there's multiple ways of installing wasm-pack (I'd installed via Rust, not node packages)

On 12. Sep 2021, at 03:00, wleslie @.***> wrote:

Actually I'm unsure why wasm-pack-plugin can't just declare an ordinary dependency on wasm-pack in its package.json file, instead of either (a) downloading/installing it automatically, or (b) making the user do it manually.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or unsubscribe. Triage notifications on the go with GitHub Mobile for iOS or Android.

[woss]

it's cool to have the wasm-pack on the npm, I vote against globally installing it especially inside the plugin itself.

I see the following options:

1. fail if the wasm-pack is not found, it's what this PR does
2. declare the wasm-pack as a dependency in the package.json

CASE 1: user decides will they install it via cargo or npm CASE 2: user has less control over how the wasm-pack is installed. at least is not installed globally

Given that this plugin is part of the nodejs ecosystem, CASE 2 makes a lot more sense.