Statically analyzable binary dependencies


(Reid Greer) #1

In some popular packages, such as node-sass and sharp, binary files are required. Behind a proxy, these dependencies can cause considerable headaches to resolve. In addition, they break away from the rest of the Node Module paradigm by not being statically analyzable, and are instead downloaded via a postinstall hook.

I’m proposing an extension of the package.json format for declaring native dependencies. This would be opt-in. Some hypothetical syntax:

"nativeDependencies": [
    {
      "critical-driver": [
        {
          "nodeVersion": "^8.11.0",
          "platform": "macos",
          "arch": "x64",
          "url": "https://www.github.com/example/example/node8-macos-x64.tar.gz"
        },
        {
          "nodeVersion": "^8.11.0",
          "platform": "win",
          "arch": "x64",
          "url": "https://www.github.com/example/example/node8-win-x64.tar.gz"
        }
      ]
    }
  ]

Ideally, this would allow you to provide overrides to npm in your repo, either via a local .npmrc or your own package.json (example override is provided in JSON):

"nativeResolvers": [
    {
      "package": "@example/example",
      "dependency": "critical-driver",
      "resolve": [
        {
          "nodeVersion": "^8.11.0",
          "platform": "win",
          "arch": "x64",
          "url": "https://www.my-own-source/example/example/file.tar.gz"
        }
      ]
    }
  ]

resolve's url could support files, urls, etc. Regardless of format, there should be a way to make the resolvers global. Definitely interested to hear feedback!