►
From YouTube: 2021-09-30-Package Maintenance Team meeting
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
Cool
yeah
take
it
away,
then
take
it
away
all
right.
Well,
thanks!
Everybody
for
joining
today
is
september.
30Th
2021,
and
this
is
another
meeting
of
the
node.js
package
maintenance
team
working
group.
We
have
three
items
on
the
agenda
today,
issue
for
initiate
483
before
we
get
to
those
any
announcements
from
anybody
here
on.
The
group
call.
B
I
wouldn't
I
I
don't.
I
don't
know
tierney
I
was
just
wondering,
though,
is
there
anything
new
to
bring
up
on
the
assertion.
C
Yeah
in
yesterday's
rfc
meeting
I
mean
in
the
past
few,
it's
been
basically
like
the
doc
is
done
and
there's
not
really
much
more
to
be
added.
I
think
the
general
consensus
is
to
not
do
the
third
party
trust
system.
Yet
I
think
that
that
is
a
fine
additional
rfc
if
we
want
to
go
down
that
path,
but
it's
a
separate
concern.
C
So
the
the
initial
kind
of
thing
is,
you
know
the
dock
is
complete.
It
does
require
a
decent
amount
of
work
from
the
the
registry
team.
So
what
darcy
brought
up
last
time
or
yesterday
was
that
you
know
we'd
potentially
look
at
implementing
it
partially
in
the
cli
first,
so
like
having
a
more
minimal
implementation
and
then
expanding
into
the
full
rfc.
C
Just
because
that's
kind
of
what
the
process
allows
for
presently
so
yeah,
it
seems
like
there's
going
to
be
progress.
It
hasn't
started
yet
like
work.
That
work
hasn't
been
committed
committed.
Anything
like
that.
So
spoken
progress,
but
not
actual
code,
progress,
sure.
B
A
C
A
I
mean
it
comes
up.
Well,
I
don't
you
know
how
frequently
this
topic
comes
up,
so
I
guess,
with
the
michael
j
thought
that
this
group,
either
through
social
or
just
these
meetings,
kind
of
helped,
communicate
and
share
that
these
things
are
taking
shape.
You
know
you
just
be
another
vector
to
help
spread
that
sort
of
information.
A
B
Space
came
out
of
this
group
and
you
know
I
think
this
is
a
great
step
in
that
in
in
solving
the
problem.
I
I
still
think
that
we
need
the
broader,
like
I
totally
agree
with
tierney.
You
don't
want
to
stop
doing
something
useful
to
solve
the
full
case,
but
I
think
that
there's
still
like
the
bigger
case,
because
there's
other
tools
that
use
the
cve
data
to
report
vulnerabilities.
B
So
this
may
resolve
it
in
npm
audit,
but
I
still
think
we
want
to
work
on
a
on
a
broader
solution
where
you
know,
instead
of
people
having
to
do
an
assertion
to
npm
and
assertion
to
snick
and
assertion
to
maybe
to
cve
separately,
we
could
somehow
figure
out
how
you
do
that
once
and
you
know
it
and
everybody
can
consume
that
data
and,
as
jerry
mentioned,
there's
also
that
second
part
of
like
third-party
assertions.
I
think
people
could
add
value.
B
End
up
doing
nothing
right
so
yeah.
That's
why
I
like
totally
in
support
of
of
of
this
moving
forward
and
so
yeah.
We
should
help
promote
it
and
this
because
you
know
we
sort
of
kicked
the
discussion
to
the
package
collaboration
space
and
I
know
we
haven't
made
as
much
progress
as
we'd
like
this
group.
I
think
we
just
want
to
keep
talking
about
both
this
specific
one
and
the
larger
problem.
C
Yeah
and
just
like
expanding
on
that,
I
agree
that
third
party
stuff
would
be
nice.
I
think
there
is
value
to
be
added.
It's
a
lot
of
like
to
get
it
right
is
a
lot
of
work
and
it's
yeah.
C
It's
it's
much
more
work
that
has
already
been
done,
and
I
want
to
make
sure
that,
like
the
even
underlying
system
that
that
would
be
based
upon
regard,
at
least
for
npm,
that's
the
system
I'm
picking
about,
but
that
system
is
at
least
validated
and
like
useful
to
people
and
then
expanding
on
top
of
that,
especially
because
one
thing,
I've
very
often
seen
in
the
javascript
ecosystem
is
building
up
a
feature,
and
then
it
not
not
it
doing
like
80
of
the
things
people
want
it
to
and
then
they're
being
like
another
20
that
if
we
had
a
little
bit
more
context
from
the
broader
audience,
because
javascript
is
so
huge.
C
If
we
had
that
additional
context,
we
could
have
built
it
in
from
the
beginning,
so
shipping
it
kind
of
smaller
and
then
expanding
on,
like
how
are
people
gonna
use.
This
and,
like
you
know,
like
I
pointed
out
in
the
the
pr
this
could
be
built
on
top
of
it
already
and
then,
like
people
can
kind
of
build
out
trust
on
top
of
it,
like
people
can
already
build
out
trust
from
third
parties,
and
then
we
can
expand
on
that
with
you
know
the
ecosystem
and
getting
it
shipped
directly.
C
A
C
Yeah,
it's
it's,
it
depends.
It
depends
on
what
the
future
is.
It
depends
on
who's
proposing.
It
depends
on
like.
Is
this
the
npm
team
documenting
something
that
they're
kind
of
beginning
to
work
on
and
like
are
just
building
out
like
consensus
on,
or
is
this
something
that
the
community
is
requesting
and
like?
C
This
is
a
rather
large
request
that
crosses
not
just
the
mpmcli
team,
which
is
what
the
rfc
process
is
for,
but
it
also
crosses
into
the
registry
team,
which
is
a
different
team
in
github,
and
so
that
kind
of
that
increases
the
the
the
the
velocity
well,
the
decreases
the
velocity
and
increases
the
kind
of
time
resolution
on
it
yeah.
So
it
depends
this
one.
I
don't
expect
to
see
fully
implemented
within
the
next
six
months.
C
B
C
Oh
my
computer
died.
Can
you
hear
me
cool.
A
C
My
gp,
no,
I
I
could
I
could
hear
you
the
whole
time
my
gpu
keeps
crashing
because
windows
11.
yeah,
so
yes,
I
it
would
be
theoretical.
I
mean
like
it
was
basically
just
brought
up.
I
don't
know
exactly
what
the
implementation
is.
I
assume
basically
it's
building
it
out,
building
at
a
more
mvp-ish
state
of
it
and
then
expanding
that
into
the
registry
teachers
as
we
go
so,
but
what
that
fully
means,
I'm
not
sure
so.
Yeah
we'd
have
to
talk
about
ourselves.
Yeah
the
thing
about
that,
because.
A
B
A
Cool
and
then
I
guess
so
would
in
this
case
like,
would
there
typically
be
like
an
issue
and
the
backlogs
of
the
rfc
would
get
merged?
Then
it
would
pop
up
in
a
backlog
as
an
issue.
I
guess
if
anybody
wanted
to
keep
following.
C
I
think
generally
the
rfc
gets
merged
into
accepted
but
not
implemented.
There's
two
different
directories
and
then
I
don't
know
I
I
that's
a
good
point
and
I
can
ask
about
that.
I'm
not
sure.
Generally,
I
think
what
happens
is
when
it
starts
getting
worked
on
is
when
there's
a
pr
up,
but
not
necessarily
an
issue
that
gets
you
know
referenced
in
the
process.
Okay,.
A
Cool
all
right,
that's
good,
to
know
just
help.
Everybody
follow
along
there,
some
good
stuff
so
and
thanks
for
getting
all
that,
putting
all
that
together
in
the
rfc
as
well
go
through
all
those
comments
and
feedback.
So.
C
Another
just
another
rfc,
just
kind
of
reporting
on
that
work.
Another
rfc
I
was
working
on
was
the
licenses
license
auditing.
B
C
I
ended
up
pairing
a
bit
with
isaac
and
he
basically
pointed
out
that
directly
using
licensee
for
context.
This
was
basically
a
proposal
to
use
licensee,
which
is
an
existing
mpl
module
to
effectively
do
licensed
audits.
C
I
got
that
approval
concept
working
for
the
most
part
like
json
output
was
all
doing
fine
and
I
got
to
the
point
of
rendering
it
in
audit
and
it
turns
out
that's
all
done
through
with
arborist,
and
you
know
I
ended
up
pairing
with
isaac
a
bit
and
it
realized
that
all
the
the
tree
resolution
also
is
happening
in
arborist,
which
is
how
you
do
empty
implemented,
fix
and
effectively
just
gonna
have
to
re-implement
it
in
arborist
directly
as
a
new
kind
of
structure
in
the
audit
audit.
C
I'm
not
sure
on
the
timeline
on
that,
but
that's
something
that
I'm
excited
for.
It
is
definitely
a
little
bit
above
what
I've.
What
I've
done
before
so
we'll
we'll
see
how
that
goes.
But
yeah
excited
for
that.
A
And
so
so,
if
you
don't
mind,
you
link
an
issue,
and
so
I
know
that
there's,
like
a
is
it
so
is
this
a
difference
between,
like
just
some
light
validation
to
package
json
just
for
the
actual,
so
is
it
different
from
just
saying
like?
Oh,
this
isn't
a
known
license
format.
Does
it
go
deeper
than
that.
C
It's
a
lot
deeper
than
that
yeah.
So
it's
basically
giving
an
allow
list
and
a
block
list
of
licenses.
A
C
Things
like
if
something
gets
re-licensed
arborist
could
do.
Resolution
on
arborist
could
do
resolution
on
sorry,
I'm
promoting
him.
Arborist
could
do
resolution
on
kind
of
like
cool
if
v3
is
licensed
mit,
but
v2
is
unlicensed.
Go
to
v3.
C
That
kind
of
thing,
which
is
very
useful,
that
is
having
worked
on
a
licensed
product
before
for
javascript
modules.
That
is
one
of
the
most
consistent
problems
is
just
something
isn't
licensed
and
they
realize
it
and
fix
it
like
or
there
isn't
like
a
machine,
readable
license,
and
so
that's
a
very
common
use
case
that
I
actually
really
want
to
solve
for
so
yeah.
A
A
The
kind
of
community
organization
against
you
know
actionable
work
being
done
in
the
mpi
npm
team
itself,
so
that
cross
pollination
seems
to
be
gaining
some
traction.
So
I
don't
know:
did
this
request
start
from
this
group
or
is
that
just.
C
This
is
me
wanting
this
tooling,
which
I
think
I
initially
talked
about
in
this
group
or
very
early
on,
and
then
I
went
and
built
it
myself,
and
then
I
got
poked
to
do
npm.
C
Do
it
with
mpm,
and
I
I
think
that's
a
better
place
for
and
I'd
like
to
see
this
tooling
be
persistent
in
the
ecosystem
or
omnipresent
in
the
ecosystem
and
the
package
management
ecosystem.
I
fundamentally
don't
think
that
this
should
be
paid
tooling.
I
think
that's
a
pretty
toxic
state
for
the
ecosystem
to
be
in
and
it
presently
is
paid
tooling.
In
a
lot
of
cases,
there
are
open
source
modules,
but
a
lot
of
companies
sell
this
and
I
would
prefer
if
people
didn't
have
to
pay
for
it.
So.
A
Yeah,
I
see
that's
well,
I
mean
it
certainly
seems
like
it's
something,
that's
very
easy
or
from
the
mpl
npm
and
cli's
perspective.
Just
you
know
probably
glossing
over
a
lot
of
code
in
there,
but
you
know
it's
literally
already
running
through
the
tree
right.
So.
A
Than
right
during
your
npm
install
or
whatever
all
right,
that's
awesome,
cool,
excellent,
great
updates.
I
definitely
want
to
make
sure
we
have
some
time
for
the
agenda
items,
but
before
we
move
on
to
those
any
comments
or
follow-ups
on
those
two
topics
from
anybody.
A
Awesome
well
hopefully
I
did
your
updates
justice
in
the
dock,
so
make
sure
I
was
able
to
get
those
nice,
concise
and
clear.
But
if
we're
good
there,
then
let
me
continue
with
the
agenda.
So
it
looks
like
the
first
or
the
next
item
then,
would
be
issue
458,
which
is
status,
updates
and
next
steps
for
pkg
s
create
a
repo
initiative.
So
I'm
not
sure
if
anybody
here
is
able
and
would
like
to
give
an
update
on
the
status
of
that
working
mike
or.
B
A
Okay,
so
it
looks
like
from
the
notes
that
michael
left,
that's
the
progress,
is
still
ongoing,
that
the
point
of
contact-
I'm
not
sure
it
doesn't
look
like
john,
is
here,
so
we
might
need
to
move
on
to
the
next
item
unless
anybody
does
have
anything
they
want
to
bring
up
on
this.
This
particular
issue.
A
Next
item
is
issue.
Number
413
suggested
list
of
modules
to
help
get
support
info
into
this.
One
also
looks
like
michael,
was
pretty
active
in
the
issue
thread,
but
I'll
throw
a
line
out
there
into
the
crowd.
Does
anybody
have
any
updates
or
any
information
on
this
particular
issue?
By
chance?
A
If
anybody
even
knows
what's
left
on
this
one,
maybe
that'll
be
maybe
not
something
to
put
into
the
notes
is,
you
know,
is
there
kind
of
like
any
actionable
last
steps,
or
you
know
I
know
sometimes
a
lot
of
it
is
if
it's
content
related,
you
kind
of
put
it
out
there
and
kind
of
you
know,
let
it
propagate
and
you
might
not
close
it,
but
maybe
that's
so.
I
will
close
it,
but
I'll
put
a
note
saying
that
you
know.
Maybe
someone
wants
to
provide
a
summary.
A
A
A
Okay,
I
will
clean
up
those
caps
locks
all
right,
then.
The
last
item
then
issue
373.
A
This
is
an
umbrella
issue
that
I
created
for
draft
documentation
promotion.
A
This
is
just
kind
of
one
of
those
ongoing
issues,
but
just
to
quickly
summarize
for
everybody
here
effectively,
there
are
a
number
of
documents
in
our
package:
maintenance
repository
that
are
in
a
drafts.
Folder
and
they've
been
that
way
for
a
little
while,
and
so
this
issue
is
meant
to
basically
just
list
them
all
and
figure
out
if
a
they're
good
enough
that
they
should
just
be,
you
know,
maybe
with
some
spell
check
or
something
promoted
right
to
the
basic
non-draft
folder
or
if
they
need
a
little
tlc.
A
Maybe
someone
could,
you
know,
take
an
hour
to
proofread
update,
you
know
whatever
it
needs,
so
I
haven't
worked
on
any
of
the
newer
ones
but
effectively
in
the
issue,
it's
more
of
just
like
a
call
that
action
free
for
any
of
us
to
you
know
pick
up
one
of
these
and
just
brush
it
off
a
little
bit
and
basically
open
a
pr,
and
it
could
just
be
as
simple
as
you
know,
to
get
moved
effectively.
A
If
it's,
you
know
complete
enough,
I
think
it's
kind
of
one
of
those
cases
that
there's
a
not
a
lot
of
historical
records
as
to
you
know
what
it
needed
to
get
out
of
draft.
So
you
know
if
it's
good
enough,
then
why
keep
it
tucked
away
so,
but
I
will
yeah.
Does
anybody
have
any
updates?
I
don't
want
to
speak
foreign.
C
It
looks
like
the
dependency
management.
One
got
closed,
the
issue,
at
least
I
don't
know
if
we
want
to
check
that
off
or
if
we
want
to
reopen
that
or
if
we
want
to
remove
oh
yeah.
A
Okay,
let's
see
so,
let's
take
a
note.
A
Side,
so
for
anybody
here
or
watching
this
if
you've
been
interested
or
wanted
to
contribute
or
looking
for
some
now
that
oktoberfest
is
around
the
corner.
If
you
want
some
items
to
help
out,
those
could
be
pretty
easy
and
quick,
and
you
know
anybody
can
reach
out
to
anybody
on
the
team
ping
them.
If
you
have
any
questions
but
yeah,
I
think
for
a
lot
of
these.
You
just
get
the
pr
with
whatever's
in
there.
A
Yeah
I
mean
I
guess
this
is
the
last
item,
so
we
pretty
much
have
a
lot
of
extra
time.
Does
anybody
have,
I
guess
more
from
like
a
node.js
foundation,
perspective
or
point
of
view,
any
opinions
or
is
it
has
no
ever
participated
in
october.
A
Consumerism
side:
the
spirit
is
great,
but
you
know
I'm
just
curious
how
you
guys
have
interacted
with
it
in
the
past.
C
A
Cool
yeah,
I
I
generally
like
to
have
a
good
reservoir
of
different
types
of
issues
for
anybody
that
wants
to
help,
and
so
you
know
it's
always
nice
to
have
those
non-code
opportunities.
So
if
yeah,
if
there's
no
issue
with
kind
of
promoting
like
hey,
you
know,
if
you're
looking
for
some
good
first
issues,
you
know
I
could
use.
I
could
share
a
link
to
the
issue
filter
or
something
all
right,
that's
good
to
know!
I
can
do
a
little
bit
of
that.
A
A
Cool
well,
that
does
bring
us,
certainly
through
all
the
agenda
items.
I
guess
at
this
point
I'll
just
yield
the
mic
back
to
the
group.
Any
topics
of
interest
that
anybody
wants
to
present
with
some
of
the
time
left
that
we
have.
A
Alrighty
well
then,
I
don't
know
how
to
end
one
of
these
other
than
saying
goodbye.
A
Right
right
on
well
thanks
everybody
for
coming
out
and
giving
the
good
updates
I'll
make
sure
they're
all
in
the
dock,
and
I
guess
that's
that's
a
wrap
for
today
awesome!
Well,
thanks
talk
to
everybody
in
a
couple
weeks,
bye,
bye,.