Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement equivalent of Python's PIP's REQUESTED #6463

Closed
paololazzari opened this issue May 17, 2023 · 9 comments
Closed

Implement equivalent of Python's PIP's REQUESTED #6463

paololazzari opened this issue May 17, 2023 · 9 comments

Comments

@paololazzari
Copy link

When working with Python, it's possible to determine which package was originally installed by the user by checking for the presence of the REQUESTED file.

For instance:

$ pip install -t package requests
$ ls package/charset_normalizer-3.1.0.dist-info/REQUESTED
ls: package/charset_normalizer-3.1.0.dist-info/REQUESTED: No such file or directory
$ ls package/requests-2.30.0.dist-info/REQUESTED
package/requests-2.30.0.dist-info/REQUESTED

so then one can determine that the requests was installed explicitly, whereas charset_normalizer wasn't.

How can one do the same with npm ?
@ljharb
Copy link
Contributor

ljharb commented May 17, 2023

Typically that's not something one interrogates; you just run npm ci (or delete node_modules and run npm install) and end up with only stuff due to what's listed in package.json.

What's your use case?

@paololazzari
Copy link
Author

I have a node_modules folder and from it I would like to be able to determine the minimal set of libraries one would have to install to replicate it

@ljharb
Copy link
Contributor

ljharb commented May 17, 2023

npm install --package-lock-only will create a lockfile from package.json, but npm installs simply aren't deterministic enough to be able to do what you want reliably.

@paololazzari
Copy link
Author

I don't have a package.json file, I only have a node_modules folder.

Would this be difficult to add? It would be helpful for the same reasons outlined here pypa/pip#7811

@ljharb
Copy link
Contributor

ljharb commented May 17, 2023

Yes, I suspect that the nondeterminism - especially based on install time and available versions - of node_modules means that it is an impossible thing to do correctly, which means it's better not attempted.

@ljharb
Copy link
Contributor

ljharb commented May 17, 2023

Does node_modules/.package.json exist? if so that's a form of lockfile you could use. Otherwise you may be SOL.

@paololazzari
Copy link
Author

How hard is it to parse the command line the user provides and use that to later create a REQUESTED file?

@ljharb
Copy link
Contributor

ljharb commented May 17, 2023

I suppose that's something it could do moving forward - but it'd then only work for a node_modules that was fully installed using an npm version that had that feature.

In that case, I'd suggest filing an RRFC issue on https://github.com/npm/rfcs, since the CLI repo doesn't take feature requests.

@wraithgar wraithgar closed this as not planned Won't fix, can't repro, duplicate, stale May 18, 2023
@paololazzari
Copy link
Author

RRFC link: npm/rfcs#693

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@wraithgar @ljharb @paololazzari