-
Notifications
You must be signed in to change notification settings - Fork 3k
resolving prepublish-on-install #10074
Comments
👍 awesome, this is great |
\o/ niiiiiice |
+1 that is really good |
+1 great! |
👍 keen |
Awesome, thanks!! |
Sounds great! The new prepare hook will be useful as well. |
👍 💯 😄 |
There is a god! 🙏 |
Yes absolutely yes! |
👍 Thanks for tackling this issue! |
Brilliant 👍 |
@othiym23 is there any chance that a tiny 1.x and 2.x patch could be put out, that detects the "prepublishOnly" and "prepare" scripts, and warns that the user should be using npm 3.something to get proper publish behavior? I know modifying 1.x is probably unlikely, but it would be very useful in helping encourage people to update to npm 3, and also ensuring they don't unknowingly miss a critical "before publish" step. If not, then my only option would be to use I kind of feel like Steps 1, 2, and 3 seem wonderful to me - it's just steps 4 and 5 I'm concerned about. Instead, if they were a single step 4: In a year or so, make a semver-major bump to npm and remove |
No. The book is closed on
Probably, although we'd be more likely to cherry-pick 1-3 onto the 2.x branch, or add a simple deprecation warning to uses of The reason to wait a year between steps 3 and 4 is twofold - to give developers a chance to migrate to I don't think it's especially onerous to include "in order to publish this package, you must be running at least Finally, given how the lifecycle works, removing |
Thanks for the detailed answer! If steps 1-3 make it onto 2.x, then I am content to not care about npm 1. Sadly, I don't understand the last paragraph, but I trust that you know the details far better than I :-) |
To get a little more opinionated for a moment, if you can't get across to your collaborators the basic requirements for working with the code base, there are organizational problems that are far graver than the confusion arising from using inconsistent tool versions. |
That's entirely true - but one could make the same argument about style, and yet using a linter to guarantee consistency is so common a practice that it's often considered bad practice to not do so. People are people, and checks that aren't automated by software will be occasionally skipped. |
👍 to the proposal |
👍 it's really hurting me in many projects |
+1 Just saw it by accident, makes no sense to me at all. Now I have to run prepublish work manually to prevent the script from being run when another user installs my modules. |
This got deprecated in npm 6, see npm/npm#10074 for much much more details.
MIT License Copyright (c) [year] [fullname] Permission is hereby granted, free of charge, to any person obtaining a copy The above copyright notice and this permission notice shall be included in all THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
See also: #3059, #8402, #9722, #9733, probably many others.
Many, many people intensely dislike the fact that a lifecycle event named "prepublish" also gets run when a package is also installed for development, as this precludes the ability to have a set of validation checks that get run before publishing (and also because the name becomes confusingly inaccurate). The reasons for this behavior have been discussed, bikeshedded, and vehemently argued over elsewhere. There is a consensus that the current behavior is undesirable, and the CLI team agrees that this situation needs to be fixed. This is what we intend to do:
prepare
lifecycle event, which has the current behavior of theprepublish
event – it runs before the package tarball is packed and uploaded to the registry during the publishing process, as well as when you runnpm install
(with no package name) after cloning a package, to prepare it for use (i.e. by transpiling source).prepublishOnly
lifecycle event, which runs only at prepublish time.prepublish
hook is used that the current behavior is deprecated, and will be removed at some point in the future.prepublish
's behavior matchprepublishOnly
.prepublishOnly
and have justprepare
andprepublish
.This should allow everyone to get the behavior they want, and will (eventually) result in a solution that is intuitive and unsurprising to everyone, and allows us to do so in about as gentle a way as possible for something so potentially disruptive.
Thoughts? Things we haven't considered? Parts 1-3 can (and will) be implemented as part of
npm@3
, probably over the next couple months, so it would be nice to get people's feedback relatively quickly.The text was updated successfully, but these errors were encountered: