From 5324ce5b655e17cf60be41d865b41f255e41f99f Mon Sep 17 00:00:00 2001 From: Dan Rose Date: Thu, 22 Aug 2024 16:20:12 -0500 Subject: [PATCH 1/2] Observations on npm's behavior --- research/name.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/research/name.md b/research/name.md index 76399d9..caa083c 100644 --- a/research/name.md +++ b/research/name.md @@ -6,6 +6,7 @@ Analysis of the `name` property - The `name` and `version` together form an identifier that is assumed to be completely unique[1] - In practice, the unique identifier for a package is also comprised of its registry. It is valid to have two packages with the same `name` and `version`, except one must be aliased so that the package manager can correctly resolve its registry value. + - - The `name` property is optional if the package will not be published.[1] - Generally, it is also best practice to specify the [`"private": true`](./private.md) property so that the package is not accidentally published. - > [TODO: Is `name` actually optional?](https://github.com/openjs-foundation/package-json-research/issues/9) @@ -40,6 +41,13 @@ Analysis of the `name` property - `npm config set :registry ` or `npm login --registry= --scope=` (`` must include the `@` symbol). - One scope must only ever point to one registry. - One registry can host multiple scopes. +- Observations from npm@10.8.2: + - `npm install` installs dependencies listed in the current `package.json`. + - `npm install ./some/folder` will fail if `some/folder/package.json` is missing a `name`. + - `npm install alias@./some/folder` can install even if `./some/folder/package.json` does not exist. + - `npm install alias@./some/folder --install-links` can install even if `./some/folder/package.json` does not have a `name` nor `version`. + - `npm publish` and `npm pack` require both `name` and `version`. + - `npm view` requires the target package to have a `name`. ## Sources From 93a3116329e34aeeb5371d5c3bf2000f69587a1a Mon Sep 17 00:00:00 2001 From: Dan Rose Date: Sat, 24 Aug 2024 00:13:27 -0500 Subject: [PATCH 2/2] package name ambiguity for npm view, npm docs --- research/name.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/research/name.md b/research/name.md index caa083c..2971c4e 100644 --- a/research/name.md +++ b/research/name.md @@ -6,7 +6,6 @@ Analysis of the `name` property - The `name` and `version` together form an identifier that is assumed to be completely unique[1] - In practice, the unique identifier for a package is also comprised of its registry. It is valid to have two packages with the same `name` and `version`, except one must be aliased so that the package manager can correctly resolve its registry value. - - - The `name` property is optional if the package will not be published.[1] - Generally, it is also best practice to specify the [`"private": true`](./private.md) property so that the package is not accidentally published. - > [TODO: Is `name` actually optional?](https://github.com/openjs-foundation/package-json-research/issues/9) @@ -47,7 +46,7 @@ Analysis of the `name` property - `npm install alias@./some/folder` can install even if `./some/folder/package.json` does not exist. - `npm install alias@./some/folder --install-links` can install even if `./some/folder/package.json` does not have a `name` nor `version`. - `npm publish` and `npm pack` require both `name` and `version`. - - `npm view` requires the target package to have a `name`. + - `npm view` and `npm docs`, when run inside a directory with a `package.json`, show information about the latest published version of the package with matching name on `npm` (even if unrelated). This suggests that even unpublished packages should have globally unique names (e.g. by using a scoped name). ## Sources