mirror of
https://gitlab.alpinelinux.org/alpine/aports.git
synced 2025-12-25 03:12:08 +01:00
npm is bundled in Node.js, but it's a standalone project with its own release cycle and version number. main/nodejs provides the LTS version of Node.js, so it includes an old version of npm.

Alpine build tools don't handle subpackages with a pkgver different from the origin pkgver. Thus the current 'npm' subpackage has version 14.16.1-r0 (the version of Node.js), which is confusing, because the real version of the packaged 'npm' is 6.14.11.

Moreover, npm has a gazillion bundled dependencies, so there's a high risk of security vulnerabilities; using the npm bundled in Node.js quite complicates security patching and requires rebuilding the complete Node.js package.

For these reasons, I think it will be better to split npm into a separate aport and provide the latest version instead of some arbitrary version bundled in the Node.js tarball. Actually, I planned this three years ago (see commit message in 244cc743c4ae2fd0f517b74790674864cb293e9c), but forgot about it.

There's one unpleasant consequence of this change - the latest npm version is 7.9.0, which is lower than 14.16.1 (the version inherited from the nodejs package). Since Alpine doesn't have an "epoch" version as e.g. Fedora does, there's nothing I can do about it besides informing the users (using the nodejs.post-upgrade script).
27 lines
831 B
Bash
#!/bin/sh

# This file is not provided since splitting npm into a separate aport,
# so we use it to quickly detect presence of the old npm package.
if [ -f /usr/lib/node_modules/npm/configure ]; then
	pkg_ver=$(apk info -W /usr/bin/npm 2>/dev/null \
		| sed -En 's/.*owned by npm-([^-]+).*/\1/p' \
		| grep .) || exit 0

	npm_ver=$(/usr/bin/npm --version 2>/dev/null) || exit 0

	[ "$pkg_ver" = "$npm_ver" ] && exit 0

	cat >&2 <<-EOF
	*
	* You have an old version of the 'npm' package installed
	* (pkg version: $pkg_ver, real version: $npm_ver). The newer package
	* has a *lower* version number that now corresponds to the actual
	* version of the 'npm' program. You have to reinstall the npm package
	* (apk del npm; apk add npm) or upgrade all packages to the available
	* versions (apk upgrade -a).
	*
	EOF
fi

exit 0