NPM importer - tarballs - SWH

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

NPM importer - tarballs - SWH - commit ids

From:	swedebugia
Subject:	NPM importer - tarballs - SWH - commit ids
Date:	Wed, 28 Nov 2018 12:26:13 +0100

Hi

I looked closer at the json output from npmregistry and found that theyhost tarballs and give the url for every version in the json response.

("tarball" . "url").

All the npm packages I ever looked at (100 or so of the biggest anddependencies of those) was hosted on Github.

I have a few questions regarding the wealth of information availablefrom this registry

1) Does anyone know if these tarballs are reproducible? ie do theychange over time?


2) Can we use the gpg signature for something?

3) SWH gives us tarballs according to commit ids. If we use npm-tarballswe can store the commit in the json response (or look it up with thegithub api) as a property:

 (properties
`((commit . hash)))

Any thoughts?

--
Cheers Swedebugia

[Prev in Thread]

Current Thread

[Next in Thread]

NPM importer - tarballs - SWH - commit ids, swedebugia <=

Prev by Date: Re: Naming of node packages with @ and /
Next by Date: Re: 01/01: gnu: Add rclone.
Previous by thread: Re: 01/02: tests: Increase root partitions size to 2G.
Next by thread: New template for 'guix' made available
Index(es):
- Date
- Thread