NPM dependencies

cbrake · January 27, 2022, 5:32pm

I am starting to cringe every time I delve into a project that depends on a lot of NPM packages. For example:

gyp info using node@14.18.3 | linux | x64
gyp verb command rebuild []
gyp verb command clean []
gyp verb clean removing "build" directory
gyp verb command configure []
gyp verb check python checking for Python executable "python2" in the PATH
gyp verb `which` failed Error: not found: python2
gyp verb `which` failed     at getNotFoundError (/home/cbrake/.meteor/packages/fourseven_scss/.3.13.0.h12rr5.cgxlt++os+web.browser+web.cordova/plugin.compileScssBatch.os/npm/node_modules/meteor/compileScssBatch/node_modules/which/which.js:13:12)
gyp verb `which` failed     at F (/home/cbrake/.meteor/packages/fourseven_scss/.3.13.0.h12rr5.cgxlt++os+web.browser+web.cordova/plugin.compileScssBatch.os/npm/node_modules/meteor/compileScssBatch/node_modules/which/which.js:68:19)
gyp verb `which` failed     at E (/home/cbrake/.meteor/packages/fourseven_scss/.3.13.0.h12rr5.cgxlt++os+web.browser+web.cordova/plugin.compileScssBatch.os/npm/node_modules/meteor/compileScssBatch/node_modules/which/which.js:80:29)
gyp verb `which` failed     at /home/cbrake/.meteor/packages/fourseven_scss/.3.13.0.h12rr5.cgxlt++os+web.browser+web.cordova/plugin.compileScssBatch.os/npm/node_modules/meteor/compileScssBatch/node_modules/which/which.js:89:16
gyp verb `which` failed     at /home/cbrake/.meteor/packages/fourseven_scss/.3.13.0.h12rr5.cgxlt++os+web.browser+web.cordova/plugin.compileScssBatch.os/npm/node_modules/meteor/compileScssBatch/node_modules/isexe/index.js:44:5
gyp verb `which` failed     at /home/cbrake/.meteor/packages/fourseven_scss/.3.13.0.h12rr5.cgxlt++os+web.browser+web.cordova/plugin.compileScssBatch.os/npm/node_modules/meteor/compileScssBatch/node_modules/isexe/access.js:8:5
gyp verb `which` failed     at FSReqCallback.oncomplete (fs.js:179:23)
gyp verb `which` failed  python2 Error: not found: python2
gyp verb `which` failed     at getNotFoundError (/home/cbrake/.meteor/packages/fourseven_scss/.3.13.0.h12rr5.cgxlt++os+web.browser+web.cordova/plugin.compileScssBatch.os/npm/node_modules/meteor/compileScssBatch/node_modules/which/which.js:13:12)
gyp verb `which` failed     at F (/home/cbrake/.meteor/packages/fourseven_scss/.3.13.0.h12rr5.cgxlt++os+web.browser+web.cordova/plugin.compileScssBatch.os/npm/node_modules/meteor/compileScssBatch/node_modules/which/which.js:68:19)
gyp verb `which` failed     at E (/home/cbrake/.meteor/packages/fourseven_scss/.3.13.0.h12rr5.cgxlt++os+web.browser+web.cordova/plugin.compileScssBatch.os/npm/node_modules/meteor/compileScssBatch/node_modules/which/which.js:80:29)
gyp verb `which` failed     at /home/cbrake/.meteor/packages/fourseven_scss/.3.13.0.h12rr5.cgxlt++os+web.browser+web.cordova/plugin.compileScssBatch.os/npm/node_modules/meteor/compileScssBatch/node_modules/which/which.js:89:16
gyp verb `which` failed     at /home/cbrake/.meteor/packages/fourseven_scss/.3.13.0.h12rr5.cgxlt++os+web.browser+web.cordova/plugin.compileScssBatch.os/npm/node_modules/meteor/compileScssBatch/node_modules/isexe/index.js:44:5
gyp verb `which` failed     at /home/cbrake/.meteor/packages/fourseven_scss/.3.13.0.h12rr5.cgxlt++os+web.browser+web.cordova/plugin.compileScssBatch.os/npm/node_modules/meteor/compileScssBatch/node_modules/isexe/access.js:8:5
gyp verb `which` failed     at FSReqCallback.oncomplete (fs.js:179:23) {
gyp verb `which` failed   code: 'ENOENT'
gyp verb `which` failed }
gyp verb check python checking for Python executable "python" in the PATH
gyp verb `which` succeeded python /usr/bin/python
gyp verb check python version `/usr/bin/python -c "import platform; print(platform.python_version());"` returned: "3.10.2\n"
gyp ERR! configure error 
gyp ERR! stack Error: Python executable "/usr/bin/python" is v3.10.2, which is not supported by gyp.
gyp ERR! stack You can pass the --python switch to point to Python >= v2.5.0 & < 3.0.0.
gyp ERR! stack     at failPythonVersion (/home/cbrake/.meteor/packages/fourseven_scss/.3.13.0.h12rr5.cgxlt++os+web.browser+web.cordova/plugin.compileScssBatch.os/npm/node_modules/meteor/compileScssBatch/node_modules/node-gyp/lib/configure.js:454:14)
gyp ERR! stack     at /home/cbrake/.meteor/packages/fourseven_scss/.3.13.0.h12rr5.cgxlt++os+web.browser+web.cordova/plugin.compileScssBatch.os/npm/node_modules/meteor/compileScssBatch/node_modules/node-gyp/lib/configure.js:443:9
gyp ERR! stack     at ChildProcess.exithandler (child_process.js:374:7)
gyp ERR! stack     at ChildProcess.emit (events.js:400:28)
gyp ERR! stack     at maybeClose (internal/child_process.js:1058:16)
gyp ERR! stack     at Process.ChildProcess._handle.onexit (internal/child_process.js:293:5)
gyp ERR! System Linux 5.16.2-arch1-1

The stack of build tools you might find in any random NPM package is astounding …

khem · January 28, 2022, 3:08am

yeah shove the dirt under the carpet called npm. I am scared how you manage such a complex system over years.

bminer · January 28, 2022, 2:54pm

A sad but true reality.

One suggestion to solve: every time a package maintainer publishes their work to NPM, they get billed $0.01 for each dependency over 1 KB. 80% of money goes to the author of the dependency, and 20% goes to charity of author’s choice. Just that tiny incentive might be enough, and it would cost package maintainers of large projects only a few bucks a year.