RFE: Use #!/usr/bin/env node for npm executable
#6095
Comments
|
I agree with setting it to |
|
I guess it's fine to leave the shebang untouched. At the risk of sounding obvious, this is a breaking change for people that have an old node binary on their path. That doesn't particularly bother me except that we'll end up being first-line support for such people. |
|
@bnoordhuis: If packagers does that I'd suggest they patch instead of us. |
It violates user expectations among other things. The shebang in npm.js is kept as #!/usr/bin/env node. Fixes: nodejs#6095
mscdex
added
the
npm
Indeed. The good news is that the npm cli team tests regularly going back even further than Node LTS, I believe, and we often recommend old node users upgrade npm anyway. So from node's point of view, you should be fine. (That is, Node v0.8 is still a first class citizen, and probably will be for some time, as long as we keep seeing registry traffic from it.) |
|
I guess it might also be worth noting that installing mutliple node binaries isn't really supported. We need to have something fancier in place to handle that properly. |
|
Since the original intent seems to be forgotten: we added this so that the On Friday, April 8, 2016, Johan Bergström notifications@github.com wrote:
|
|
Ignore me; I was referring to the PORTABLE thing in the install script, but On Friday, April 8, 2016, Nathan Rajlich nathan@tootallnate.net wrote:
|
Rewriting npm shebang in install.py violates user expectations among other things. The shebang in npm.js is kept as #!/usr/bin/env node. Fixes: #6095 PR-URL: #6098 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Myles Borins <myles.borins@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
In the node installer, the shebang in npm's executable is rewritten from
#!/usr/bin/env nodeto#!${PREFIX}/bin/node(where${PREFIX}is node's install prefix).I have come to believe that this is a mistake.
It violates user expectations.
The
PATHenvironment variable is used to determine where the system looks for an executable. If I've placed anodebinary at a place earlier in thePATH, then I should expect that this will be the node that is used to execute node scripts. If a different node is used, then that's unusual, at least. Most unix script programs use/usr/bin/env $PROGRAMso that the user's preferred version of the executable will be used.It is unnecessary.
IIRC, this was originally added because SmartOS systems installed a "system" node (of version 0.2) at
/usr/bin/nodeand a "user" node (of a higher version) at/opt/local/bin/node, and wanted to ensure that the npm script in one location didn't inadvertently call the node at the other location.However, (a) system installers like this are more than capable of floating patches for such situations, and (b) system-level scripts that call
/usr/bin/npmcan just as easily call/usr/bin/node /usr/bin/npmto force the version of node that will be invoked. That is the correct place to be solving this issue, not in node's installer.It is less portable.
Because
npmis edited in the install process, hard-coding the shebang to a specific path to the node executable, you can't move the install location to another place without re-invoking the installer. If it simply left the npm binary alone, then the installation would be more portable, and could be moved anywhere, as long asnodeis in thePATH. And ifnodeis not in thePATH, then of course the user will have to invoke node via absolute path anyway. (In that case, they're also invokingnpmvia absolute path, so they're well off the beaten track.)In order to maintain this absolute-shebang contract in the "portable" pre-built tarballs of node, it's necessary to replace the npm script with a sh script that calculates the location of the current script, and invokes the node binary explicitly. This layer of indirection is unnecessary complexity, added to deal with the fact that we're solving a problem at the wrong layer. It is a really clever hack to preserve the contract that npm is always executed by the node it ships with, but also, it's a way too clever hack, and the smell indicates that this contract itself is problematic.
It makes test coverage wrappers (and other analytics) more difficult (or impossible).
In order to provide test coverage for node programs, in such a way that does not break when a node program is invoked in a child process,
nycusesspawn-wrap, which monkey-patches the built inspawnmachinery in node to make it load a shim script whenever executing node. It also modifies thePATHto ensure that shim is the firstnodefound by the child process.Since the shebang is explicitly set to
/usr/local/bin/node, this doesn't work when doingspawn('npm'), because thePATHis not used to look up the node binary. In order to work around this situation,spawn-wrapnow has to read the script being invoked, and determine if its shebang is an absolute path tonode, and then act accordingly.However, if the user does
exec('npm')instead, we're pretty much lost, because then the actual spawn will be/bin/sh -c "npm", and thenpmfound in thePATHwon't be pulling in thenodefound in thePATH.In the "portable" node builds, it's of course completely ridiculous. So the
spawn-wrapmodule now just says, "Oh, npm? That's probably a node program. Let's not even bother checking."Say what you may about monkey-patching builtins, I think we can all agree that, in general, test coverage is a Good Thing.
Suggestion: Just ship the npm executable as it is delivered by the npm cli team. Remove the shebang hacking in
scripts/install.py.This is a breaking change, albeit one that is long overdue and corrects a subtle and significant defect. I'd suggest getting it on the roadmap for 6.0 as soon as possible, so that platform maintainers have ample time to adjust accordingly.
The text was updated successfully, but these errors were encountered: