react-native/nodejs packaging
I've experimented a bit with nodejs package (in a different context: https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=dimension) lately and also asked a someone involved in that community a bunch of questions.
Let's try to gather some sort of best practice list for packaging these apps.
- There's an npm options
--build-from-source
which will skip downloading prebuilt binaries for most things. This will mostly still download source code bundles from github/npm. This should be working for everything using node-pre-gyp to ship prebuilt binaries and then fall back to node-gyp for building those from source. - The other place where packages can download binaries is postinstall scripts. For packaging work there's an
--ignore-scripts
option which one could use to not run the scripts and inspect them first or something - npmjs allows proprietary packages, though they are rare, packages can also come from other sources. There are tools like https://github.com/shamofu/npm-check-licenses which can print a license report for all used packages. They should exist for every package but there will probably be some that didn't fill in their license in the package.json
- It might be preferable to use
npm ci
instead ofnpm install
, see here for details: https://stackoverflow.com/a/53325242
Feel free to add stuff you encountered. @licaon-kter @Rudloff @relan
Edited by Licaon_Kter