RFC: Enable depending on NPM packages

[alexcrichton]

This proposal is an evolution of #4 which accounts for much of the discussion and makes a concrete proposal.

Rendered

[fitzgen]

Thanks for this RFC, Alex. It provides answers for all of the open questions I had about the last iteration.

I have a few comments below, but these are nitpicks that I think we can largely address in implementation, and which don't need to block this RFC moving forward.

[fitzgen]

Nice insight.

[fitzgen]

This dependency on package.json will be opaque to cargo -- does it make sense to always include the package.json path (even when it doesn't exist) in the custom section and have the CLI tool handle the missing case? This way incremental builds where a package.json is included post facto should always work.

I think modifications to package.json would work incrementally either way though, right?

[alexcrichton]

Actually now that I think about it I think we can get rustc/cargo to learn about this dependency via include_str!. We could probably emit a dummy constant that doesn't end up getting used to force it to get included. That way the proc macro could actually work with the contents rather than just the path (and could put the entire contents in the custom section)

[fitzgen]

Thank you for summarizing all of this in one place.

[alexcrichton]

I'd like to propose that we enter the Final Comment Period for this RFC. The original RFC has been around for quite some time and has baked for quite awhile, and I'd like to help spur on final discussion for this one before implementing!

Disposition: merge

@rustwasm/core members to sign off:

• @fitzgen
• @ashleygwilliams
• @alexcrichton

[Pauan]

I think this seems very reasonable for an MVP.

[Pauan]

Are there any benefits to this restriction? Especially since we will support other fields in the future.

[alexcrichton]

I'm mostly thinking that we want to start out conservative. In the end wasm-bindgen will be producing a "merged" package.json, but that means that we in theory need a merging function for all fields of package.json. For now it's easy enough for us to define how to merge dependencies, but beyond that I figure we'd want to make explicit decisions about how to merge other fields rather than having something accidentally ad-hoc-ly define how to do it for us

[Pauan]

Could we somehow error for transitive crates but not the current crate?

Since the current crate might be published to npm, so it might want things like name, version, etc.

But transitive crates aren't intended for publishing to npm, so it's okay to restrict them to dependencies only.

[alexcrichton]

It's possible I think! My hope though is that only allowing dependencies is a useful-enough MVP to build on a feature like this in the future. Do you think, though, that we need to allow other fields (in some possible form) in the initial pass to be useful enough though?

[Pauan]

I suspect that at least version will be needed, since the npm version can be different from the Rust version (e.g. breaking changes in .rs but not in compiled .wasm).

Maybe not needed for the MVP though, so I don't think it should block anything. I think this RFC is fine as-is.

[alexcrichton]

ping @ashleygwilliams, have you had a chance to take a look at this and review the proposal for FCP in the past two weeks?

[alexcrichton]

I've got a sample implementation of the currently proposed version of the RFC at rustwasm/wasm-bindgen#1305

[alexcrichton]

@ashleygwilliams another ping since last week to check the FCP proposal

[alexcrichton]

@ashleygwilliams just another ping to check out the FCP proposal, would be great if we could get this in the near future!

[chinedufn]

@alexcrichton not to speak for Ashley but I noticed from twitter that she's recently moved cross country and changed jobs so I would imagine that she's super busy.

Not my intention to speak for her - just letting you know in case you don't already!

(@ashleygwilliams I'm really not trying to speak for you and just trying to call out that you might be a bit busy right now so feel free to let me know if I'm totally wrong!!!)

[alexcrichton]

@chinedufn true! I'm trying to only ping at most once a week though because I want to make sure this doesn't fall off the radar but it also isn't too overwhelming. We currently require a full-team signoff (although that may change in #9), so we're unfortunately stuck leaving out this feature (which I personally feel is very important!) until @ashleygwilliams checks her box.

[chinedufn]

Sounds good - hadn't seen #9 - thanks!

[alexcrichton]

🔔 🔔 🔔

This RFC has entered its final comment period. In seven calendar days, assuming no substantial new arguments or ideas are raised, we will merge it.

[trivigy]

@alexcrichton The restriction just broke the builds! As part of the workflow scripts are included in package.json. In particular, when using webpack to do extra automation for scss, css, and a bunch of other bundling as well as prettier, and storybooks, and more. To execute on all of them and more there is a need for something like this:

{
  "scripts": {
    "clean": "rm -rf ./pkg ./target ./dist ./node_modules",
    "build": "webpack",
    "serve": "webpack-dev-server",
    "storybook": "start-storybook -p 6006",
    "format": "prettier --write \"./src/**/*.{js,scss}\""
  },
  "devDependencies": {
    "@babel/core": "^7.7.4",
    "@babel/plugin-syntax-dynamic-import": "^7.7.4",
    "@storybook/addon-actions": "^5.2.8",
    "@storybook/addon-knobs": "^5.2.8",
    "@storybook/addons": "^5.2.8",
    "@storybook/html": "^5.2.8",
    "@wasm-tool/wasm-pack-plugin": "^1.0.1",
    "babel-loader": "^8.0.6",
    "babel-plugin-macros": "^2.7.1",
    "clean-webpack-plugin": "^3.0.0",
    "copy-webpack-plugin": "^5.0.4",
    "css-loader": "^3.2.0",
    "fibers": "^4.0.2",
    "html-webpack-plugin": "^3.2.0",
    "paths.macro": "^2.0.2",
    "prettier": "^1.19.1",
    "react": "^16.12.0",
    "react-dom": "^16.12.0",
    "sass": "^1.23.1",
    "sass-loader": "^8.0.0",
    "style-loader": "^1.0.0",
    "ulid": "^2.3.0",
    "webpack": "^4.29.4",
    "webpack-cli": "^3.1.1",
    "webpack-dev-server": "^3.1.0"
  }
  }
}

In addition. Please note, that the dependencies these tools require are "devDependencies" only. I wouldn't want them to be included in the "dependencies" key in the first place. Also important to note here the use of @wasm-tool/wasm-pack-plugin. This one is a must because it is the only way to integrate into the storybook custom build process. They support an additional webpack.config.js file placed inside of .storybook directory.

Not entirely sure how I could work around such limitation of "only dependencies". Would appreciate some input.

[trivigy]

On a separate note, this RFC is extremely nuanced because the only reason this issue surfaced in my specific use case was due to the use of #[wasm_bindgen(module = "foo")] module dependency. Without in, there is no lookup and merging of the package.json and therefore this change was never noticed until now.

[alexcrichton]

Sorry for the difficulties you're having @trivigy! I think that unfortunately there's not a great answer today, but brainstorming on how to solve this would be greatly appreciated!

[trivigy]

@alexcrichton I ended up spending the time rewriting everything in terms of inline_js. That's my work around for now. But I bet this exact issue will come up for others as well. Thanks for the hard work you put in and for responding.

[DarthGandalf]

This broke me too. I use npm install to install npm dependencies, followed by npm run build which uses webpack which invokes wasm-pack via @wasm-tool/wasm-pack-plugin. Can there be an option for wasm-pack to allow any keys in package.json and not require user to remove all keys from it which would break other tools which read it?

There are lots of tools which use package.json other than the dependencies key:

• npm run
• Babel
• ESLint
• browserslist
• etc

While some of them have alternative ways to configure them, breaking a common practice of using package.json for the sake of better integration with NPM ecosystem is self-contradicting.

Please remove this restriction and simply ignore unknown keys.

[alexcrichton]

@DarthGandalf at this point it's probably best to open an issue and/or PR on wasm-bindgen, and please feel free to do so!

[Pauan]

I've given some thought to this, and I agree that we should allow for all keys in package.json. This makes it possible to use 1 package.json file (rather than 2), and it also matches what npm itself does.