Have you checked for existing feature requests?
Summary
src/install.js has lots of code around the manual retrieval of packages from NPM. In the modern Node ecosystem, there's a dedicated package called pacote that can do this, and it would behoove us to use that instead.
What benefits does this feature provide?
pacote is widely used and is a first-party npm package. If anything were to change about how packages are downloaded in the future, I think we'd be much better served if we were on pacote instead of our own custom code.
Any alternatives?
The alternative is the status quo — meaning continued shelling out to our own fork of npm. This isn't a huge source of pain for us, but it would be good to get ourselves to a point where ppm doesn't rely on npm at all for package retrieval or installation or building — and then we'd be freed from having to maintain an npm fork altogether.
Other examples:
No response
Have you checked for existing feature requests?
Summary
src/install.jshas lots of code around the manual retrieval of packages from NPM. In the modern Node ecosystem, there's a dedicated package calledpacotethat can do this, and it would behoove us to use that instead.What benefits does this feature provide?
pacoteis widely used and is a first-partynpmpackage. If anything were to change about how packages are downloaded in the future, I think we'd be much better served if we were onpacoteinstead of our own custom code.Any alternatives?
The alternative is the status quo — meaning continued shelling out to our own fork of
npm. This isn't a huge source of pain for us, but it would be good to get ourselves to a point whereppmdoesn't rely onnpmat all for package retrieval or installation or building — and then we'd be freed from having to maintain annpmfork altogether.Other examples:
No response