►
From YouTube: Open RFC Meeting - Wednesday, May 5th 2021
Description
In our ongoing efforts to better listen to and collaborate with the community, we run an Open RFC call that helps to move conversations and initiatives forward. The focus should be on existing issues/PRs in this repository but can also touch on community/ecosystem-wide subjects.
A
And
we're
live,
welcome
everyone
to
another
npm,
open
rc
meeting
today's
date
is
wednesday.
May
5th
2021
will
be
following
along
the
agenda
that
was
posted.
I
believe
in
issue
number
374
on
the
npm
rc's
repo
I've
copy
and
pasted
in
chat.
The
meeting
notes,
talk,
feel
free
to
add
yourself
as
an
attendee,
and
I
will
have
to
apologize
for
my
internet.
I
hope
it
stays
up
throughout
the
meeting,
but
if
not,
I
would
ask
if
somebody
could
potentially
try
to
record
locally.
I
believe
there's
a
few
folks.
A
I
can
make
co-hosts
and
I'll
do
that
now
and
yeah
we'll
be
jumping
into
the
agenda
here.
First
and
foremost,
I
want
to
give
an
acknowledgement
that
these
calls,
as
well
as
any
columns
on
the
rc's
forum
or
sorry,
the
rfc's
repo
are
covered
under
code
of
contact,
and
these
calls
we
just
asked
that
you
be
polite
and
respect
when
other
folks
are
speaking.
Please
raise
your
hand
if
you
have
a
comment
and
we'll
call
on
you
and
yeah
just
be
mindful
and
thoughtful
of
others
on
these
calls
in
terms
of
announcements.
A
A
I
think
one
of
the
panels,
so
the
package
maintenance
working
group
has
a
session
and
I
think
also
wes
was
wesley
todd
who's.
A
part
of
these
calls,
often
and
myself
are
going
to
help
try
to
run
the
first
open,
js
cloud
cloud
working
group.
I
guess
we're
calling
it
cloud
collaboration
space
for
package,
vulnerability,
maintenance,
so
we've
kicked
off
for
repo
there.
I
can
share
the
issue,
the
tracking
issue,
that
we
have
for,
if
you'd
like
to
get
involved
and
want
to
be
a
part
of
that
call.
A
So
if
you
do
want
to
be
jump
on
that
call-
and
this
will
be
the
you
know-
not
inaugural
call
for
this
collaboration
space
feel
free
to
add
yourself
there
and
we're
going
to
try
to
figure
out
a
good
time
to
pre-record
that
session
and
that
will
go
on
as
sort
of
a
community
focused
session
for
open.js
world.
A
Then
we
can
jump
right
into
the
agenda,
so
the
first
item
that
we
had
here
was
pr364
restore
the
mpm6
ability
to
install
one
package
at
a
time.
I
think
jordan
also
might
have
referenced
something
along
these
lines.
A
B
Yeah
I
mean
I
just
I
saw
that
the
error
message
and
then
or
the
issue
rather
and
when
I
realized
that's
how
it
was
behaving
somebody
had
been
complaining
about
it
in
irc
as
well.
It
sort
of
came
out
that
it
was
a.
B
I
don't
know
if
it's
not
clear
to
me
whether
how
intentional
the
change
was
like,
or
at
least
how
thought,
through
the
consequences
of
the
change
were,
even
if
it
were,
it
was
intentional,
like
what
it
what
nvm7
currently
does
makes
is
defensible
right
like
it.
It's
basically
saying
at
all
times.
I
want
to
give
you
the
best
possible
tree,
but
I
think
that
it's
surprising
and
like
defies
expectations.
C
D
B
For
development
workflows
or
if
you're,
trying
to
manually
install
things
one
at
a
time
to
test
different
versions
of
things
or
just
try
things
out,
and
so
it
like
this
seems
like
it
goes
in
more
in
the
worst
direction
of
that
of
like
continue
like
like
it's
telling
me
what
my
node
module
should
be,
and
no
I'm
telling
you
what
my
module
should
be.
You
need
to
do
what
I'm
telling
you
not
what
you
think
is
best,
so
it
kind
of
just
feels
like
it.
E
It's
more,
you
know,
even
if,
if
you
ins,
if
you
tell
us
to
install
one
thing,
we'll
actually
install
everything,
it's
more,
that
it's
more
a
ramification
of
the
or
you
know
outcome
of
the
way
that
we
do
add
a
new
package
of
tree,
which
is
we
say,
okay.
Well,
let's
add
this
new
dependency
from
the
root
package
and
then
do
what
we
do
right
so
and
then
just
do
a
reification
which
is
kind
of
just
the
simplest
way
to
go
about
it.
E
The
the
thing
is
now
we
just
recently
not
too
long
ago
added
the
ability
to
install
just
a
single
workspace
and
what
this
will
do
so
the
complexity.
If
I
said,
if
you
say,
npm
install
foo
and
we
only
install
foo
well,
foo
depends
on
something
and
that
something
is
you
know
also
has
to
be
installed
somewhere
or
else
the
foo
you
installed
doesn't
really
work
and
there
may
be
deduplication
or
other
things.
E
We
have
to
account
for
the
fact
that
you're
going
to
later
install
something
else,
and
you
don't
want
to
have
to
shuffle
more
of
the
package
tree
than
you
need
to.
So
we
do
still
need
to
build
the
entire
ideal
tree
and
save
that
to
the
package
json.
But
as
far
as
what
we
actually
put
on
disk,
we
can.
We
have
the
capability
now
to
limit
it
to
just
a
particular
sort
of
branch
of
the
dependency
graph.
E
B
Just
to
clarify,
if
I
say,
install
foo,
I
would
never
ever
expect
that
to
mean
anything
except
foo.
E
E
I
think
a
while
ago,
it's
not
the
case
that
npm
install
foo
in
a
packet
in
a
tree
in
a
project
with
a
package
lock
is
going
to
be
the
same
guaranteed
as
npm
install
foo
in
an
empty
project
right
because
if
foo
has
a
dependency
which
could
be
deduplicated
by
something
else,
that's
going
to
be
in
the
tree
later
we're
going
to
give
you
that
different
version.
Based
on
that
context,
so
I
mean,
I
think
I
think
all
this
like
it's
too
much
in
the
weeds
for
anybody
to
really
care
about.
E
The
fact
is,
we
should
just
do
a
filtered
reification
in
those
cases.
Like
that's,
that's
the
proposal,
and
I
don't
really
see
much
downside
of
that.
If
you,
if
you
do
npm
install
foo
and
you
go
well,
why
isn't
bar
there
and
you
run
npm
install
cool
now
everything's,
there.
A
Yeah,
so
this
should
be
possible
now
with
the
changes
that
we
made
to
our
burst,
to
filter
by
node
right.
So
so.
E
A
So
action
on
our
side,
for
this
would
be
to
queue
up
the
work
to
actually
have
update
the
cly
install
lib
install
to
call
when
you
the
package
to
essentially
call
arborist
with
that
package
that
you
want
to
essentially
like
scope
that
install
to.
E
Yeah
so
well,
there's
two
ways
we
could
approach
it.
One
is
the
the
clay
could
pass
in
a
filter
nodes
argument
like
it
does,
for
workspace,
installs
or
or
actually
I'm
not
sure.
If
that's,
I
think,
arborist
just
gets
a
workspaces
argument
and
then
it
does
the
filter
nodes
thing
internally.
So
I
would,
I
would
probably
suggest
that
this
just
be
entirely
contained
within
arborist,
like
if
you
give
it
some
explicit
requests
that
it'll
only
reify
the
changes
like
if
you
give
it
an
explicit,
add
request.
It'll
only
refine
those
okay,
basically.
A
E
It's
that's
a
good
question.
It
it
probably
the
way
what
I
just
suggested
probably
is
assembler
major
on
arborist.
If
we
want
to
do
it
as
a
sum
for
minor,
then
it
would
have
to
be
a
new
field
that
you
can
pass
into
to
reify
a
new
option.
You
could
pass
your
refi
right
and
the
cly
would
just
start
doing
that.
A
Rebecca
had
a
question
here
before
we
jump
into
the
weeds
even
more
just
to
get
action
item
out
of
here.
Did
you
want
to
say
it
or
you
want?
I
can
say
it
on
your
behalf.
If
you
want.
C
Sure
yeah
so
with
the
behavior
that
isaac's
describing
sounds
the
way
I
remember
npm5
behavior
working,
which
is
that
you
ask
for
a
single
package,
it
loads
the
ideal
tree.
It
adds
that
dependency
and
then
it
does
whatever
you
know
additional
it
does
that
that
one
package
into
the
result-
and
so
I
I
would
expect
to
say
that
is
to
say
it
would-
then
you
know,
find
all
the
sub
dependencies
and
so
on
for
that
and
add
them
to
the
new
ideal
tree
and
then
save
that
down
to
your
log
file.
C
So
I
guess
I'm
surprised
that
the
actual
user
behavior
changed
it.
It
sounds
like
it
should
be
doing
essentially
the
same
thing
that
it
was
now
this
new
thing
where
it'll
only
install
the
like
the
the
filtering
thing
sounds
really
cool,
but
is
I
think
that
would
fix
a
npm
5
limitation
as
well?
E
C
Because
my
understanding
of
how
npm
6
worked
is
that
it
added
it
to
the
dependency
list
first
and
then
it
just
ran
the
normal
install.
A
D
A
E
B
There's
something
else
to
the
use
case:
if
that's
the
actual
behavior
in
v6,
then
I'm
confused,
because
I
I
didn't
go,
try
and
reproduce
this
myself,
but
both
the
issue
and
the
user
in
irc
seems
to
be
suggesting
that
npm
6
would
not
install
like
that.
If
I
rmrf'd
a
specific
dependency
and
then
I
did
npm
install
foo,
that
specific
dependency
wouldn't
be
restored,
like
necessarily
in
npm
six,
but
it
would
in
npm
seven.
B
E
So
if
this
was
the
way
that
npm
6
behaved,
which
it
is
not
unless
there's
some
other
context
here
that
I'm
missing,
I
just
tested
it
while
rebecca
was
talking,
but
if
npm,
6
and
npm
7
are
the
same,
then
changing
it
by
default
in
npm.
7
is
a
pretty
drastic
move
right,
because
there's
I'm
willing
to
bet
that
there's
somebody
out
there,
depending
on
the
fact
that
they
can
just
add
a
new
depth
and
also
get
all
of
their
other
depths
right.
E
It
could
still
be
opt-in
as
a
feature,
and
that
seems
valuable.
I
mean
this
person
wants
it
so
there's
greater
than
zero
people
who
would
benefit.
B
F
Okay,
hey
sorry,
I
was
late.
So
I'm
sorry
if
this
was
covered
already,
but
one
of
the
things
when
I
read
this
originally
was
that
came
to
mind
is
the
fact
that
in
pm
and
again
I
don't
know-
I
don't
know
if
it's
six
or
seven
or
if
there's
a
difference
there,
but
I
know
for
sure
seven
does,
because
it's
been
hitting
me
a
bunch
lately
when
it
does
make
those
other
changes
to
the
tree.
That
includes
things
like
changing
links.
F
F
So
even
if
it's
not
even
if
it's
not
just
whether
there's
a
difference
or
not
between
npm,
six
and
seven
and
whether
or
not
this
is
a
feature
or
a
bug
that
we
wanna
like
address,
the
current
workflow
is
is
pretty
disruptive
if
you're
doing
like
local
package
development
between
a
few
different
packages.
So
I
would
like
to
see
this
get
addressed
one
way
or
the
other.
If
we
make
it
a
flag,
you
know
if
it
doesn't
config
like.
F
G
Yeah,
I'm
just
reading
the
rfc
here
and
I
want
to
take
a
step
back
and
I
want
to
make
sure
that
what
we're
talking
about
solves
the
root
problem
here
right
there
they're
saying
what
they're,
what
what
they're
trying
to
do
is
have
common
depths
in
a
project
and
then
install
them
into
each
workspace,
reducing
install
time
and
disk
usage.
I'm
just
the
connection
between
that
and
their
request
is
tenuous
to
me.
G
A
You
know
yeah,
I
think
isaac
noted,
and
I
think
I
if
this
is
the
same
person.
There
was
a
previous
issue
talking
about
like
different
depths,
that
sets
of
depths
that
you
could
install,
and
I
I
think
I
noted
as
well.
Once
we
add
workspace
awareness
to
npm,
install
you'll
be
able
to
essentially
scope.
You
know,
let's
say
your
build
or
dev
or
your
server
depth
into
like
a
workspace
essentially
and
then
be
able
to
essentially
have
a
scope
install.
So
that
might
be
the
feedback
we
give
for
the
specific
rfc.
A
If
we
don't
want
to
change
this
to
as
you're
saying
gar,
like
kind
of
like,
oh
my
goodness,
what's
the
name,
what's
the
word,
but
essentially
like
bloat
or
change
the
actual
scope
of
what
they're
trying
to
do.
But
it
does
sound
like
oh
there's,
a
real
rc
here
that
could
be
made
before
filtered
node
install.
E
Okay,
I
found
the
extra
bit
of
context.
It
is,
if
you
do
not
have
a
lock
file,
then
npm
6
would
not
install
everything
and
npm
7
will,
if
you
don't
have
a
lock
file,
still
just
build
as
much
as
it
can
based
on
starting
with
your
your
group
project.
B
E
E
Yeah
we
should
be
able
to
audit
reified
package
trees
as
well,
just
as
well
as
we
can
audit
or
or
an
ideal
tree
that
has
no
lock
file
like
yeah.
We
part
of
the
one
of
the
one
of
the
somewhat
somewhat
implicit,
somewhat
explicit
design
goals
of
arborist
is
that
you
know
a
lock
file
is
a
is
a
helper.
It
gets
us
information
about
intent
and
it
gets
this
information
about
kind
of
skips
skips
a
big
part
of
the
build
ideal
tree
process.
E
B
So
so,
given
that
as
a
constraint,
which
makes
sense
to
me,
then
it
seems
like
we
should
add
some
sort
of
flag
or
configure
whatever
to
allow
people
to
opt
into
this,
whether
they
have
a
lock
file
or
not.
And
then,
given
that
this,
that
behavior
is
probably
what
I
think
most
people
would
want.
Perhaps
npm
8
could
flip
the
default
of
that
flag.
E
I'm
not
sure
it
is
what
most
people
would
want,
because
it's
in
the
in
the
default
with
npm
6
is
that
you
get
a
lock
file
and
the
behavior
in
npm
6
is
that
if
you
have
a
lock
file,
npm
install
foo
will
install
everything.
So
you
know
I
always.
I
always
find
it's
best
to
kind
of
assume
that
the
overwhelming
majority
of
users
are
doing
the
default
thing
right.
B
Right,
but
I
I
think
it's
my
assumption
would
be
that
they're
all
running
npm
install
long
before
they're
typing
npm
install
foo,
meaning.
I
think
that
the
users
that
are
actually
depending
on
npm,
install
foo
installing
everything
like.
I
can't
imagine
that
anyone's
knowingly
doing
that,
even
if
they
all
have
a
lock
file.
Even
if
you
know
well
like
I
think,
everyone's
installing
first
and
then
adding
packages
after.
E
So
if
we
change
that
behavior
by
as
a
default,
I'm
not
sure
that
most
people
want
this.
Like.
A
So,
just
to
be
mindful
of
time
here
it
sounds
like
maybe
wes
and
jordan.
You
both
said
that
you
would
potentially
use
this,
and
this
would
be
helpful,
so
100.
A
Maybe
either
one
of
you
could
either
recommended
men
the
changes
to
this
rfc
or
create
a
new
one
that
explicitly
talks.
It
might
be
easier
to
start
a
new
one.
That
just
is
like
here's
a
flag
that
you
can
pass
to
install
to
to
stabilize
this
this
behavior
or
to
change
it
to
what
you
want
like
inserted
in
in
terms
of
the
filtered
node
experience
right,
filtered
node,
install
experience,
yeah.
F
Okay,
so.
E
Know
there's
a
xy
problem
happening
here
like
let's,
let's
dig
into
the
actual
problem
that
they're
trying
to
solve,
with
a
single
with
a
filtered
install
and
then
maybe
make
a
generic
like
here,
is
how
you
can
filter
your
in
your
reification
and
expose
that
to
the
users
that
semverminer.
That
would
give
jordan
and
wes
and
this
person
that
particular
tool.
E
But
there's
I
wouldn't.
I
wouldn't
just
kind
of
implement,
as
requested.
A
Exactly
so,
I'm
just
taking
notes.
A
Okay,
so
if
there's
any
more
feedback
or
commentary
feel
free
to
give
or
comment
on
the
rc
itself,
ac
moving
on
to
issue
363,
this
is
npm.npm
ignore
include,
ignore
this
is
by
jordan,
essentially
well
I'll.
Let
you
explain
your
thoughts
on
on
this
issue.
B
Sure
yeah,
so
I
mean
the
problem,
is
that
although
opinions
may
differ,
I
find
the
using
the
files
array
incredibly
dangerous,
because
I
would
much
rather
suffer
the
consequence
of
I
have
to
rotate
a
secret
than
suffer
the
consequence
of
I
broke
a
single
user
ever
by
accidentally
omitting
a
file.
B
Whenever
I
you
know,
whenever
I
make
a
file
system
related
changes,
I
have
to
make
sure
that
they're,
either
present
or
absent,
as
expected
in
git,
ignore
an
npm
ignore
like
synchronous
or
together,
and
what
would
make
much
more
sense
to
me
and
be
much
more
simple
is
if
there
was
some
way,
I
could
have
a
file
be
effectively
a
diff
on
top
of
git
ignore
so
that
if
you
can
cat
get
ignore
and
this
other
contents
together,
you
get
npm
ignore
automatically,
because
then
my
better
npm
ignore
file
would
essentially
just
always
be
like
git
ignore
but
like
negate
out
the
the
build
output
directory.
B
You
know
and
things
of
that
nature
or
like
negate
out
the
tests.
Perhaps
things
like
that?
I
am
very
interested
in
how
doing
this
backwards
compatibly,
because
my
personal
use
case
won't
be
solved
if
I
have
to
wait
10
years
to
to
be
able
to
use
it
exclusively,
and
I'm
aware
that
there's
not
a
simple
implementation
solution
to
do
it.
So
one
thing
I
thought
of
as
a
category
was:
if
there's
any
sort
of
npm
ignore
syntax
that
you
could
use
that
would
crash
an
npm
version
that
didn't
know
how
to
handle
it.
B
Then
that
syntax
is
what
we
could
use
to
put
the
npm
ignore
file
into
better
mode,
and
that
way
the
wrong
thing
wouldn't
happen
on
older
npms.
It
would
just
tell
you
like
some
error,
but
I
there
doesn't
appear
to
be
any
such
syntax
and
then,
similarly,
an
alternative
file
wouldn't
really
work,
because
I'd
still
then
have
to
have
crap
npm,
ignoring
good
npm,
ignore
in
all
my
projects.
B
B
E
In
npm
ignore
it,
it
was
a
long
story.
Another
day.
B
B
B
So
the
only
idea
that
other
idea
I
can
think
of
besides
syntax,
you
know
that
crashes
old
stuff,
an
alternative
file
which
is
not
good
for
the
reasons
mentioned,
would
be,
I
suppose,
a
package.json
field,
although
I
don't
like
the
idea
of
adding
one
but
like
that,
still
doesn't
really
help
me
if
I
have
to
still
maintain
them
ignore
file.
So
I'm
kind.
B
E
B
H
Is
this
a
place
where
a
npm
feature
polyfill
would
work
where,
like
we
have
a
tiny
script,
that
people
can
mpx
or
npm
exec?
That
does
the
correct
thing
and
then
that
that
kind
of
provides
that
backwards,
compatibility,
you're,
saying
new
npm
would
use
this
or
old
npm.
B
B
A
So
I'm
wondering
is
this
like
a
check
that
you
want
to
do
as
well,
though,
like
like
how
you're
saying
today
the
way
that
you
facilitate
this?
Is
you
have
to
like?
Keep
these
things
in
sync,
you
have
to
like
diff.
These
isn't.
If
we
were
to
provide
to
something
to
you
in
terms
of
we've
already
talked
about
published
prompts
before
like.
If
it
was
like
published
check
like
publish
validation,
then
you
could
like
potentially
utilize
that
to
write
that
condition
that
you
could.
The
problem
is
that.
B
E
B
Yeah
and
if
that's
true
so
yeah,
and
if
if
the
end
result
here
is,
is
that
that's
what
I'd
be
forced
to
do
then
so
be
it?
I
may
end
up
doing
that,
but
it
it
would
seem
to
it
like.
B
Foreign
for
anyone
who
isn't
who
is
already
using
npm
ignore
who
wants
a
an
exclude
list
approach
instead
of
an
include
list
approach
like
the
current
way
it
works
is
insufficient,
for
I
think
everyone,
and
what
I'm
proposing,
I
think,
would
be
better
for
everyone
in
that
group.
B
You
know
I'm
sure
this
somebody
will
pop
out
of
the
woodwork
and
say
they
actually
like
the
current
behavior,
but,
like
I,
I've
still
never
seen
an
example
so
like
it's,
it
would
be
seemed
very
unfortunate
to
me
if
we
ended
up
concluding
that
this
would
be
like
concretely
better
in
every
case,
but
we
can't
like,
but
there's
no
great
way
to
do
it.
So
do
it
yourself,
even
though
that
might
is
a
viable
workaround
yeah.
G
B
B
E
B
I
want
every
I
want
the
stuff
I
give
to
other
people
to
to
work
as
well
as
possible
and
the
stuff
I
use
for
myself
to
be
as
restricted
as
possible.
You're.
E
E
Yeah,
so
I
think,
crashing
old
and
crashing
a
behavior,
that's
going
to
fail
on
old
npms.
It's
it's
going
to
be
on
you
to
just
kind
of
make
sure
you
don't
do
that
right,
but
yeah
having
having
a
like
gar,
said
having
a
flag.
That's
additive
like
that,
would
be
really
easy,
and
then
that
opens
the
door
to
yeah,
we'll
just
put
a
pragma
in
dot
npm
ignore
that
does
that
I,
I
think.
Actually
you
know
just
just
having
it
even
as
like
a
comment.
E
Syntax
like
pound
bang
include
dot,
get
ignore,
like
that's.
Fine
and
that'll
be
ignored
by
old
npms.
So
if
you
install
with
an
old
npm
it'll,
be
maybe
a
you
know,
half
empty
package
or
something
or
a
package
that
includes
all
your
ignored
stuff,
but
at
least
moving
forward.
You
know
it.
It
saves
us
there.
I
don't
think
it
even
needs
to
be
a
flag
in
the
client
could
just
be
a
thing
that
we
a
feature
we
implement
and
hey.
It's
only
supported
as
of
7.12
or
whatever.
B
B
If
there's
anything,
I
can
just
like
I'm
happy
to
put
something
in
the
pre-published
script
or
whatever
that
just
says
like
effectively.
If
npm
doesn't
support
this
feature
crap
out
but
like
I
need
a
way
to
do
that
and
I
feel.
E
If
we
had
a
new,
let's
say
we
added
a
new
top
level
command
or
just
tacked
it
onto
you
know
if
you
run
npm
versions
right
now,
we
just
dump
the
version
of
npm
and
node
and
all
the
nodes
things
if
we
made
that
look
more
like
you
know,
when
you
run
vim
version
right
it,
it
prints
out,
like
every
switch,
that
it
was
configured
with
so
that
you
can
deterministically
see
like
which,
which
features
have
been
turned
on
or
off
a
lot
of
tools
do
this
like.
E
E
B
E
A
I've
been
trying
to
get
us
to
relocate
doctor
and
which
feels
like
you
know
these
types
of
things
like
the
sanity,
checks
etc.
Like
I
feel
like
there's
a
case
for
us
to
look
at
doctor
figure
out
if
it
like
what
feature
set,
it
supports
what
why
we
have
those
checks
in
place
and
then
also
maybe
expand
it
right,
yeah
yeah,
it
needs
polish,
but
potentially
npm
doctor
and
then
supports.
A
You
know
like
a
a
sub
command
and
then
for
that
in
the
future
that,
like
you
literally,
can
rely
on
that
to
just
fail,
like
for
config
yeah
thing
to
check
yeah
doctor
thing
to
check
even
yeah,
so
more
arbitrary
checks,
yeah
would
be
nice,
so
yeah.
It
feels
like
there
could
be
a
lot
of
improvements
made
to
npm
doctor,
which
we
could
you
know
expand
upon,
and
that
would
be
the
right
scope
for
that
kind
of,
like
validation
but
yeah.
That
feels
a
little
bit
different.
A
D
Oh
no,
no,
I
was
just
looking
at
the
the
rest
of
the
things
and
I'll
just
keep
my
eyes
open.
Thanks,
guys,
cheers.
D
A
Just
to
be
sensitive
to
time
as
well,
because
there's
about
20
minutes
left
if
we
have
any
other
feedback,
we
want
to
give
on
like
this
rrfc,
like
this
issue
and
thread
and
maybe
give
some
context
from
this
conversation
back
to
that
issue
would
be
great.
It
sounds
like
there's
a
couple
ideas
that
could
sprout
an
rfc.
I
you
know
specifically
jordan
if
you
think
that
there's
something
you'd
like
that,
we
could
have.
A
That
would
essentially
help
us
in
the
future
too,
like
something
like
that
that
validation,
our
supports
you
know,
and
if
there's
a
way
that
we
could
like
somehow
backport
that
or
have
an
identifier
for
you
to
use
and
yeah.
B
A
Okay,
moving
on
then
to
rc
343,
so
this
is
roy's,
unfortunately
he's
out
this
week,
but
it's
essentially
the
idea
of
auto
switching
the
context
based
on
the
cur
switching.
I
think
the
current
working
directory
when
we're
running
workspace
commands.
A
So
the
idea
would
be
here-
and
I
think
I've
explained
this
before
that
if
I
were
to
be
running
a
workspace
command
inside
of
or
if
I'd
be
running
a
command
inside
of
a
workspace
like
npm
install,
it
would
actually
de-sugar
to
as
if
I
were
running
that
in
the
root
of
my
workspace,
so
it
would
be
npm
install
workspace
whatever
that
workspace
was,
and
so
that
was
the
idea
behind
this,
and
I
think
that
we
discussed
the
last
time
we
talked
about
this.
A
You
know,
jordan,
you
brought
up
and
it
looks
like
you
even
added
it
here
in
terms
of
defining
a
workspace
or
or
somehow
making
that
connection
explicit
within
the
actual
workspace
back
to
the
the
parent.
I'm
not
sure
if
there's
any
any
other
conversations,
unless
you
were
the
last
one
to
like
note
or
comment
on
this,
I'm
not
sure
you
know,
I'm
not
sure
if
we
currently
it's
implemented
not
this
way.
Currently
we
don't
support
this,
so
this
would
be
like
a
net
new
capability,
but
yeah,
I'm
not
sure.
E
So
my
my
only
comment
on
this
was
it
is
extremely
hazardous
and-
and
it
is
extremely
perilous
to
to
say-
oh
I'm
in
a
folder
and
you're
running
npm
install.
E
Without
making
any
explicit
changes
to
just
implicitly
for
what
that
were
in
a
workspace,
we
we
kind
of
tossed
it
or
tossed
it
about
and
talked
about
it.
But
it's
it's
really
really
hazardous.
You
know
there's
already
some
cases
like
that,
where
we
walk
way
further
up
the
package
up
the
folder
tree
than
we
really
ought
to
so
one
thing
that
we
had,
or
one
idea
that
occurred
to
me
as
we
put
some
definitive
marker
in
the
workspace
that
says
this
is
a
workspace
and
its
root
is
x.
E
What
that
means
is,
though,
that
that
gets
away
from
you
know
wes's
kind
of
suggested
design
constraint,
which
we've
managed
to
meet
so
far,
which
is
that
if
I,
if
I
have
a
folder-
and
I
have
a
bunch
of
just
checked
out
projects-
they
don't
need
to
know
that
they're
workspaces,
they
don't
need
to
have
anything
in
them
to
define
them
as
workspaces,
and
I
can
run
workspace
commands
and
have
it.
You
know,
build
their
package
trees
in
a
way
that
will
work
with
them
and
pass
their
tests.
E
In
this
case,
we
would
have
to
put
some
kind
of
marker
in
that
folder
to
say
this
is
where
you
need
to
go
look
for
the
root
project,
so
that
kind
of
gets
us
away
from
that.
You
know
it's
a
violation
of
that
constraint,
somewhat
yep.
That's
it!
That's
it
for
me,.
A
So,
are
you
basically
saying
you're
in
favor
of
jordan's
suggestion,
then
making
like
an
explicit
file
that
points
to
the
root?
Is
that
kind
of
what
you're
saying.
E
Well,
I'm
I'm
offering
that,
as
I
don't
know,
if
I'm
in
favor
of
it,
in
any
case,
I
I
can
see
the
value,
but
I'm
more
just
saying
like
that
is.
That
is
the
way
that
we
could
do
this.
This
proposal
right
like
with
in
a
way
that's
not
hazardous,
but
it
does.
I
mean
I'm
calling
out
that
it
does
violate
that
prior
kind
of
design,
constraint.
A
I
would
also
because
we
brought
this
up
like
preemptively,
I'm
wondering
like
how
time-sensitive
this
really
is
like
so
far
like
not
that
many
people
have
complained,
maybe
because
we're
still
slowly
seeing
adoption
of
our
workspace
implementation
so
and
we're
rolling
out
more
and
more
command
support.
So.
F
I
guess
would
be
that
I
I
know
for
sure
some
of
the
things
that
are
not
yet
supported
are
just
blockers
for
for
option,
at
least
most
of
the
main
projects
at
netflix,
though
so
you're
not
going
to
get
yeah
I've
been
able
to
get
much
feedback
other
than
yeah
it
installs.
You
know
so
we'll
need
those
commands
before
we
can
know
whether
this
is
really
a
priority
or
not.
A
Right,
it
does
seem
like
it's.
This
is
for
an
improved
developer
experience
right
if
you
like,
if
your
expectation
also
like,
what's
your
expectation
inside
of
a
workspace
like,
do
you
want,
for
whatever
reason
just
to
install
in
place
like
that
folder
or
run
that
command
explicitly
in
that
directory
and
not
like
you
might.
F
I
think
one
thing
that
is
a
requirement
not
just
is
the
thing
I
mentioned
here
where
you
should
be
able
to
install
a
sibling
package
without
having
to
go
somewhere
else,
and
I
think
that's
a
user
experience
requirement
because
I
don't
think
people.
E
Right,
because
what
you
want,
is
it
to
set
up
the
proper
links.
So
what?
If
what
happens
so
yeah
there's
a
question?
There's
an
open.
I
have
a
draft
pr
which
is
the
last
on
the
agenda.
We
probably
won't
get
to
to
talk
about
kind
of
how
we
link
or
which
things
are
shared
and
which
things
are
not
and
so
on,
but
would
it
work
to
do
npm
install
b,
dash
dash
yeah
npm,
install
dot,
slash
b,
dash
dash
workspace
equals
a
that's.
That's
that's.
A
Yeah
what
I
just
typed
in
chat,
I
think,
should
do
exactly
what
you're
talking
about
wes
here
once
like
in
a
little
bit
by
the
way
so
like
in,
like
you
know,
hopefully
the
next
like
definitely
by
the
end
of
this
quarter,
but
even
within
the
next
month.
We
we
have
the
ability
to
do
this
today.
Our
isaac
did
the
work
in
our
risk
to
actually
have
the
support.
We
just
need
to
wire
up
all
the
or
npmi
yeah.
F
A
It
won't
know
because
it
doesn't
install,
doesn't
support
workspaces
or
workspace.
Yet.
F
F
A
So
it
sounds
like
just
again
I'd
like
to
try
to
get
to
a
couple
of
those
last
items
here
for
folks
that
are
interested
in
in
this,
we'll
probably
keep
it
open
for
now.
It
sounds
like
there's
no
immediate
change
that
we're
we're
going
to
move
forward
with.
A
Also
it
would
be
great
to
have
roy
back
to
actually
speak
to
this,
since
I
think
he
hasn't
been
able
to
join
the
last
time
a
few
times
that
we've
actually
talked
to
this,
so
so
we'll
leave
it
open
for
now
and
feel
free
to
add
comments
in
the
pr
itself.
So
moving
on
nilf
had
put
together,
rfc
336,
the,
where
config
parameter,
for
example,
exec
and
npm
config.
A
I
So
high
level
right
now,
npm
config,
we
have
npm
config
set,
and
it
is
by
default.
Changing
your
user
level
config
you
can
pass
global.
It
will
change
your
global
config,
there's
no
way
to
use
npm
config
set
to
modify
a
project
level
config.
I
I
It
would
also
apply
to
npm
config
git,
because
it
would
allow
you,
instead
of
seeing
a
list
of
all
of
your
configs
merged
together,
you
could
list
the
contents
of
just
one
of
them,
then
the
other
place
where
this
seems
like
it
would
really
have
some
advantages
in
npm
exec.
One
of
the
things
that
we
get
a
lot
of
questions
about
is
when
something's
installed
and
you
run
it
with
npx.
What
does
it
actually
run
and
right
now
it
is
kind
of
a
strange
cascade
of
things.
I
I
Where
seemed
to
make
sense
to
me,
it
is
used
internally
in
some
spots
and
in
a
couple
of
dependencies,
but
it
didn't
seem
like
it
was
super
widespread.
So
I
don't
think
that's
a
blocker.
I
A
Anybody
have
any
like
negative
feedback
to
this
any.
Like
reason,
we
would
push
back
on
this
other
than
the
name
yeah
other
than
the
name.
This
is
great
okay,
so
maybe
we
can
just
come
up
with
a
a
poll
or
something
for
a
few
different
names
and
see
which
which
one
folks
prefer
like
location
or
be
it
very,
very
explicit,
like.
B
Yeah
and
to
be
clear,
I
don't
think
there's
any
problem
with
the
word
where
I
think
that's
quite
appropriate
here.
I
think
the
problem
is
that
due
to
the
design
of
npm
config
and
how
a
config
flag
applies
to
every
command
that
it
needs
to
be
named
in
such
a
way
that
it's
clear
that
it
only
applies
to
this
one
command,
config,
config
location,
might
be.
E
Whatever
yeah,
it's
actually
two
commands,
though
at
least
because
we
have
sure,
but
for
exec
as
well.
B
G
I
E
D
A
Great
I'll
put
an
action
there
for,
for
that
tuning.
Did
you
want
to
quickly
update
on
182.
H
Quick
update,
I
rewrote
the
rfc
to
be
focused
on
using
licensee.
There
are
some
changes
in
there.
It
also
based
off.
So
I
have.
I
have
retained
it
as
npm
audit
license.
I
I
do
think
that's
the
better
api
or
yeah.
I
think
that's
the
better
api,
but
I'm
not
hard
attached
to
it,
but
based
on
some
of
jordan's
feedback,
I
did
also
add
some
an
additional
commands,
a
flag
section
to
make
it.
So
no
audit
does
both
well,
so
it
would
all
it.
H
This
would
also
mean
we
add
mpm
audit
security
to
just
do
security
stuff
and
no
audit
security
and
audit
license.
Then
audit,
like
no
audit,
does
both
those
are
all
flags
and
npm
audit
would
do
both.
B
E
B
E
I
have
all
over
the
place
because
I
don't
want
to
see
false
positives.
I
mean
there's,
there's
a
there's
a
way
to
construct
that
that
setup,
probably
so
that
we
can
say
explicitly.
I
do
want
to
audit
licenses.
H
Yeah
or
just
or
just
yeah,
like
yeah,.
H
I
yeah,
and
I
I
would
specifically
I
I
think
this
was
also
a
note
that
both
kat
and
rebecca
shared
with
me-
or
maybe
it
was
just
cat.
I
don't
know
it
was
someone
originally
that
was
kind
of
the
scope
of
audit,
and
I
know
that
might
have
changed
but
like
to
be
able
to
expand
that
and
have
it
be
more
of
a
of
a
broad
range
rather
than
just
cves.
E
H
B
H
D
B
Yeah,
whatever
the
direction
I
mean,
what
I
mean
is
that
there
could
be
something
could
be
suddenly
dual
licensed
in
the
next
version
and
the
next
version
would
satisfy,
and
so
that's
something
a
fix
could
do
and
it'd
be
probably
nice
to
do
that,
because
then
it
reduces
the
amount
of
manual
license
leg
work.
One
has.
H
To
do
to
make
the
lawyers
happy
yeah
yeah
I
can.
I
can
add
that
that
I
am
happy
to
add
that
to
the
additional
commands
of
flag
sections
awesome.
A
Right
yep,
so,
unfortunately,
we
had
two
other
items
which
we
probably
won't
get
to
since
we're
essentially
that
time
but
feel
free
to
comment
on
156,
the
rrfc,
optional,
install
and
isaac's
put
on
here
a
net
new
rc
which
is
defining
dependencies
and
how
they
are
shared.
So
jordan.
I
know
you'll
be
interested
in
this
and
it's,
I
think,
isaac.
If
you
want
to
speak
to
this,
I
know
you're
not
super.
E
The
this
is
just
discussing
the
user
experience
and
and
sort
of
the
the
defaults
in
the
semantics
of
like
what
we
what
we
share
and
when
between
workspace
projects,
I
actively
hate
the
kind
of
straw
proposal,
package.json
syntax
for
defining,
which
things
get
isolated,
which
ones
don't
so
burn
that
all
down
give
me
a
better
way
cause.
I
will
be
really
sad
if
this
is
what
we
land
on
yeah.
That's.
A
That's
a
good
cap,
yet,
okay,
with
with
that
said,
we'll
leave
those
on
the
agenda
appreciate
everybody
joining
today
and
hopefully
we
can
keep
working
on
the
stuff
together,
async
and
we'll
be
back
again
next
week,
and
hopefully
you
all
have
a
great
day
thanks.