►
From YouTube: 📦Package Managers WG Weekly Sync May 28, 2019
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
Hello
and
welcome
to
the
package
manager
special
interest
group
weekly
sync
for
May
28th,
I'm
Andrew
your
host
for
today,
because
aching
brain
is
moving
house.
So
we've
already
got
a
note
taker
and
the
clip
pad
link
is
in
the
chat.
So
I'll
start
this
week,
I
made
a
little
project
called
ipfs,
NPM
republish,
the
idea
being
that
you
could
go
into
a
directory
of
a
program
and
JavaScript
program
that
you
really
have
installed
locally,
run
a
command
and
have
a
mini
registry.
B
A
A
If
we
have
some
time
at
the
end
of
the
call-out
I'll
show
a
little
demo
also
had
a
couple
of
fairly
involved
calls
discussing
the
MPM
on
ipfs
roadmap
and
also
the
package
managers
deep
dive
that
we're
going
to
be
running
at
ipfs
camp
I.
Think
both
of
those
are
ongoing.
There
are
notes
and
I've
put
in
the
crib
pad,
but
I
don't
think.
There's
any
resolution
that
we've
reached
on
either
of
those
just
yet
I
also
emerged
in
all
of
the
updated
documentation
on
the
package
managers
repo.
A
So
it's
a
little
bit
more
organized
and
gets
it
out
of
the
issue
tracker.
So
it's
hopefully
a
little
bit
easier
for
people
to
find
and
we
can
start
to
turn
that
into
more
of
a
kind
of
a
story
or
a
a
path
that
you
can
follow
to
work
out.
What
the
hell
like,
how
ipfs
and
package
managers
work
together
and
why
things
are
like
they
are.
A
The
way
our
next
thing,
I'm,
really
doing,
is
a
little
bit
more
work
on
this
republish
script
to
try
and
make
it
so
that
you
can
have
more
versions
than
just
whatever
the
current
resolved
ocean
is
available,
as
well
as
further
planning
on
the
ipfs
camp.
Deep
dive
and
kind
of
the
brainstorming
around
the
next
set
of
work
for
package
managers.
Special
interest
group
on
my
internet
is
awful.
Sorry
about
that.
A
The
kind
of
planning
for
whatever
the
next
six
months
of
package
managers
work
is
what
should
kind
of
shake
out
as
some
of
the
content
for
the
deep
dive
of
areas
to
work
out
if
they
are
relevant
to
to
work
in
and
but
we
kind
of
need
to
know
what
those
things
would
look
like.
First
of
all,
so
that's
kind
of
where
my
head's
going
to
be
this
week.
Jessica.
C
Including
talking
through
the
the
overall
roadmap
and
the
deep
defending
I
have
next
up
a
few
bits
and
pieces.
I
need
to
tie
for
that
for
like
physical
artifacts
that
we're
gonna
have
in
the
room
for
the
deep
die
of
letting
some
posters
with
some
key
points.
If
people
can
knock
on
a
couple
of
things
like
that,
I
packed
all
the
physical
things.
C
A
C
C
B
C
D
So
I
told
Alex
about
this,
but
I
have
a
forked
go
ipfs
that
has
a
much
less
sucking
version
of
IPs
yeah,
so
it
is,
it
is,
is
very
fast
once
you
have
discovered
your
peers,
which
sounds
obvious
and
yet
was
not
because
it
still
is
slow.
Even
when
you
were
connected
to
everybody
before.
D
A
Something
I
noticed
when
having
play
around
this
week.
Is
it
actually
takes
time
to
resolve
your
own
IP
NS
is
when
you've
just
published
them.
I
wondered
if
there's
like
some
kind
of
shortcut.
If
you
can
provably
check
that
the
IP
NS
is
one
of
your
own,
like
if
you
have
the
private
key
for
that,
can
you
not
even
bother
going
out
tasks
anywhere
else
for
it.
D
Yeah
I
mean
you
could
that
I
could
probably
be
set
up,
because
you
wouldn't
need
to
wait
for
a
quorum
anymore,
because
you
know
you
are
this
source
of
truth,
but
it's
it's
only
how
it's
all
like
one
node
IP
an
esky
like
if
your
peer
ID
is
the
IP
and
s
key.
Then
this
is
easy
right,
but
if
you
publish
with
a
different
key
now,
I
also
have
to
check
my
key
registry
to
see
if
I'm,
the
owner
of
that
key
as
well.
D
So
like
it's,
not
quite
as
trivial
as
it
could
be.
The
good
news
is
that,
with
the
reasonably
with
the
you
know,
pub/sub
okay,
nice
stuff
reap
republishing,
like
allowing
a
third
party
to
republish
a
record
on
your
behalf,
comes
for
free
as
part
of
how
pub/sub,
like
gossip
protocols,
work,
which
means
that
you
would
also
be
able
to
hear
about
yourself
for
free
right
so
like
this
would
get
solved
by
accident.
Okay,.
A
That's
cool
yeah.
It
was
mostly
for
the
kind
of
first
user
experience
of
going
like
oh
I,
published
a
name.
Let
me
go
put
that
in
like
in
desktop
to
see
what
it
looks
like
and
it
goes
this
is
gonna
take
a
while
or
if
you
wanted
in
this
IP
IP
ves
republish
script.
If
you
wanted
to
have
it
drop
a
name
at
the
end
of
it,
then,
like
you
want
to
use
that
registry
straightaway,
it
makes
it
like
a
slower
experience
just
to
test
that
what
you,
what
you
created
would
be
successfully
working.
Yes,.
B
A
D
I
mean
we'll
have
to
play
route
that
I
haven't
tried
that
too
much,
but
it
seems
like
it's
like
fast
enough.
This
is
also
partially
because
the
IPS
over
pub/sub,
even
the
existing
like
non
fork
version,
has
a
level
of
caching
built
into
it.
So
as
soon
as
you
do
a
publish
like
it
hangs
around
so
the
yeah,
the
problem
was
just
like
you
couldn't
access.
You
couldn't
really
access
that
initially,
so
I
bet
you.
D
D
D
One
one
caveat
is
that
if
you're
trying
to
do,
if
you
trying
to
do
like
pushing
updates
quickly,
there's
a
flag,
you
have
to
pass
and
type
in
us
to
make
sure
that
you
don't
get
a
cached
version
of
the
data
or
a
there's,
caching
at
the
CLI
level
and
caching
at
the
network
level.
So
if
you
want
to
turn
off
caching
at
the
CLI
level,
then
there's
a
flag
to
pass
in
have.
B
A
Okay,
so
just
got
my
terminal
for
now
I'm
in
a
directory
here
that
actually
the
program
itself,
but
the
important
thing
is
that
it
has
a
package
lock
Jason,
which
contains
the
fully
resolved
dependency
tree
of
this
project,
which
has
about
one
hundred
and
sixteen
different
things.
You
know,
I
think
the
loads
of
dependencies,
and
basically
every
one
of
these
things
in
here
is
the
flattened
dependency
tree
for
this
project.
They
didn't
use,
have
any
dependencies,
but
I
just
had
to
add
one
which
brought
in
another
hundred
or
something
along
with
it.
A
So
what
we
can
run
is
a
command
that
basically
will
go
and
download
a
pack,
you
mint
and
then
for
each
version,
that's
specified
the
locked
version.
It
will
download
that
Tarble
and
it
will
add
them
all
to
a
folder
that
basically
makes
the
URL
if
it's
loaded
over
the
Gateway
look
just
like
an
NPM
registry
URL.
So
now
good
question:
how
do
I
switch
from
just
sharing?
Now,
let's,
let's
share
my
whole
desktop.
Instead.
A
A
Npm
RC
the
configuration
to
use
that
new
registry,
so
that
hap
that
then
works
out
the
box.
You
can
delete
your
node
modules
and
you
can
delete
your
package
lock,
jason
you
don't
have
to,
but
we'll
imagine
that
we're
starting
from
scratch
almost
as
if
someone
has
just
cloned
this
and
then
they
can
run
npm
install
and
that
will
pick
up
that
new
newly
changed
npm
RC
file
automatically
and,
as
you
can
see,
it's
pretty
fast
like
it's,
not
because
it's
loading
from
your
local
IP
FS
gateway.
A
Then
if
we
cat
that
package
lock
file
again,
you
can
see.
We
have
funnily
enough.
We
there's
a
bug
here.
It
doesn't
actually
affect
anything,
but
it
puts
a
new
line
on
the
end
of
all
of
the
tarball
URLs,
but
that
gets
ignored
anyway,
but
each
one
of
the
doubles
is
now
resolved
to
the
same
local
gateway,
not
they're,
not
all
the
same
cid.
It's
the
cid
for
each
individual
Tarble,
rather
than
the
the
whole
registry
itself,
but
this
whole
package,
this
whole
collection
of
things,
is
then
being
pulled
from
your
local
gateway
automatically.
A
So
you're
able
to
then
share
that
with
someone
else,
and
they
can
start
using
that
without
necessarily
even
needing
to
be
online.
You
can
also
n
if
we
go
into
a
different
tab,
say
like
I
would
like
to
to
publish
some
packages
that
I
care
about
and
not
necessarily
have
an
application
yeah,
but
I
want
to
put
each
individual
packages
on
try
PFS,
let's
say
I'm
going
to
go
on
a
plane
and
I'm
pretty
sure
that
I'm
going
to
use
a
few
of
these
packages
to
play
with
whilst
I'm
there.
A
But
if
I
say
use,
install
react
with
this
new
mini
registry
that
I
created,
then
it
works
and
you
get
a
combination
of
those
two
mini
registries
installed,
which
then
you
can
say.
Oh
now,
I'll
republish
that
and
that
puts
116
rather
than
106
or
whatever
it
was
up
into
a
new
registry.
So
you
can
then
start
to
combine
different
registries
together
and
republish
them
without
needing
to
have
a
connection
to
the
upstream
registry.
A
So
you
start
to
be
able
to
kind
of
become
the
ruler
of
your
own
domain
when
it
comes
to
how
on
where
you
want
to
share
your
packages,
still
some
questions
around,
like
the
trust
of
that,
but
that
might
require
some
kind
of
notary
service
where
or
like
signing
of
packages.
Some
way
to
prove
out
like
the
CID
is
what
does
match
up
with
or
the
integrity
hashes
could
be
compared
with
the
NPM
registry.
B
A
Right
now,
and
that
particular
project
doesn't
because
it's
a
module
rather
than
a
rather
than
an
application,
I'm
not
committing
the
lock
file,
I'm,
not
committing
the
NPM
RC.
But
what
I
would
imagine
people
do
for
their
applications?
Is
they
would
commit
both
of
those
files
and
so
you'd
be
able
to
check
out
the
the
git
repository
and
it
would
have
all
the
config
built
in
yeah.
A
Latest
will
be
generated
from
if
there
are
number
of
versions
listed
inside
of
a
pacman.
It
would
order
by
semver
and
take
whatever
the
greatest
number
is
in
there.
Unless
it's
tagged
so
NPM
slightly
different
than
many
other
packages,
you
can
say
any
version
you'd,
like
is
the
latest.
You
can
tag
it
with
a
string
of
latest
and
that
wasn't
resolved
as
latest.