mirror of https://gitlab.alpinelinux.org/alpine/aports.git, synced 2025-04-19 04:26:43 +02:00

npm is bundled in Node.js, but it's a standalone project with its
own release cycle and version number. main/nodejs provides the LTS
version of Node.js, so it includes an old version of npm.

Alpine build tools don't handle subpackages with a pkgver different
from the origin pkgver. Thus the current 'npm' subpackage has version
14.16.1-r0 (the version of Node.js), which is confusing, because the
real version of the packaged 'npm' is 6.14.11.

Moreover, npm has a gazillion bundled dependencies, so there's a high
risk of security vulnerabilities; using npm bundled in Node.js
quite complicates security patching and requires rebuilding the complete
Node.js package.

For these reasons, I think it will be better to split npm into a
separate aport and provide the latest version instead of some arbitrary
version bundled in the Node.js tarball.

Actually, I planned this three years ago (see commit message in
244cc743c4), but forgot about it.

There's one unpleasant consequence of this change - the latest npm
version is 7.9.0, which is lower than 14.16.1 (the version inherited from
the nodejs package). Since Alpine doesn't have an "epoch" version as e.g.
Fedora does, there's nothing I can do about it besides informing the users
(using the nodejs.post-upgrade script).

26 lines
831 B
Bash

#!/bin/sh

# This file is not provided since splitting npm into a separate aport,
# so we use it to quickly detect presence of the old npm package.
if [ -f /usr/lib/node_modules/npm/configure ]; then
	pkg_ver=$(apk info -W /usr/bin/npm 2>/dev/null \
		| sed -En 's/.*owned by npm-([^-]+).*/\1/p' \
		| grep .) || exit 0

	npm_ver=$(/usr/bin/npm --version 2>/dev/null) || exit 0

	[ "$pkg_ver" = "$npm_ver" ] && exit 0

	cat >&2 <<-EOF
	*
	* You have an old version of the 'npm' package installed
	* (pkg version: $pkg_ver, real version: $npm_ver). The newer package
	* has a *lower* version number that now corresponds to the actual
	* version of the 'npm' program. You have to reinstall the npm package
	* (apk del npm; apk add npm) or upgrade all packages to the available
	* versions (apk upgrade -a).
	*
	EOF
fi

exit 0