►
From YouTube: Open RFC Meeting - Wednesday, May 5th 2021
Description
In our ongoing efforts to better listen to and collaborate with the community, we run an Open RFC call that helps to move conversations and initiatives forward. The focus should be on existing issues/PRs in this repository but can also touch on community/ecosystem-wide subjects.
A
And
we're
live,
welcome
everyone
to
another
npm,
open
rc
meeting
today's
date
is
wednesday.
May
5th
2021
will
be
following
along
the
agenda
that
was
posted.
I
believe
in
issue
number
374
on
the
npm
rc's
repo
I've
copy
and
pasted
in
chat.
The
meeting
notes,
talk,
feel
free
to
add
yourself
as
an
attendee,
and
I
will
have
to
apologize
for
my
internet.
I
hope
it
stays
up
throughout
the
meeting,
but
if
not,
I
would
ask
if
somebody
could
potentially
try
to
record
locally.
I
believe
there's
a
few
folks.
A
I
can
make
co-hosts
and
I'll
do
that
now
and
yeah
we'll
be
jumping
into
the
agenda
here.
First
and
foremost,
I
want
to
give
an
acknowledgement
that
these
calls,
as
well
as
any
columns
on
the
rc's
forum
or
sorry,
the
rfc's
repo
are
covered
under
code
of
contact,
and
these
calls
we
just
asked
that
you
be
polite
and
respect
when
other
folks
are
speaking.
Please
raise
your
hand
if
you
have
a
comment
and
we'll
call
on
you
and
yeah
just
be
mindful
and
thoughtful
of
others
on
these
calls
in
terms
of
announcements.
A
A
I
think
one
of
the
panels,
so
the
package
maintenance
working
group
has
a
session
and
I
think
also
wes
was
wesley
todd
who's.
A
part
of
these
calls,
often
and
myself
are
going
to
help
try
to
run
the
first
open,
js
cloud
cloud
working
group.
I
guess
we're
calling
it
cloud
collaboration
space
for
package,
vulnerability,
maintenance,
so
we've
kicked
off
for
repo
there.
I
can
share
the
issue,
the
tracking
issue,
that
we
have
for,
if
you'd
like
to
get
involved
and
want
to
be
a
part
of
that
call.
A
A
B
B
I
don't
know
if
it's
not
clear
to
me
whether
how
intentional
the
change
was
like,
or
at
least
how
thought,
through
the
consequences
of
the
change
were,
even
if
it
were,
it
was
intentional,
like
what
it
what
nvm7
currently
does
makes
is
defensible
right
like
it.
It's
basically
saying
at
all
times.
I
want
to
give
you
the
best
possible
tree,
but
I
think
that
it's
surprising
and
like
defies
expectations.
C
D
B
For
development
workflows
or
if
you're,
trying
to
manually
install
things
one
at
a
time
to
test
different
versions
of
things
or
just
try
things
out,
and
so
it
like
this
seems
like
it
goes
in
more
in
the
worst
direction
of
that
of
like
continue
like
like
it's
telling
me
what
my
node
module
should
be,
and
no
I'm
telling
you
what
my
module
should
be.
You
need
to
do
what
I'm
telling
you
not
what
you
think
is
best,
so
it
kind
of
just
feels
like
it.
E
It's
more,
you
know,
even
if,
if
you
ins,
if
you
tell
us
to
install
one
thing,
we'll
actually
install
everything,
it's
more,
that
it's
more
a
ramification
of
the
or
you
know
outcome
of
the
way
that
we
do
add
a
new
package
of
tree,
which
is
we
say,
okay.
Well,
let's
add
this
new
dependency
from
the
root
package
and
then
do
what
we
do
right
so
and
then
just
do
a
reification
which
is
kind
of
just
the
simplest
way
to
go
about
it.
E
The
the
thing
is
now
we
just
recently
not
too
long
ago
added
the
ability
to
install
just
a
single
workspace
and
what
this
will
do
so
the
complexity.
If
I
said,
if
you
say,
npm
install
foo
and
we
only
install
foo
well,
foo
depends
on
something
and
that
something
is
you
know
also
has
to
be
installed
somewhere
or
else
the
foo
you
installed
doesn't
really
work
and
there
may
be
deduplication
or
other
things.
E
We
have
to
account
for
the
fact
that
you're
going
to
later
install
something
else,
and
you
don't
want
to
have
to
shuffle
more
of
the
package
tree
than
you
need
to.
So
we
do
still
need
to
build
the
entire
ideal
tree
and
save
that
to
the
package
json.
But
as
far
as
what
we
actually
put
on
disk,
we
can.
We
have
the
capability
now
to
limit
it
to
just
a
particular
sort
of
branch
of
the
dependency
graph.
E
B
E
E
I
think
a
while
ago,
it's
not
the
case
that
npm
install
foo
in
a
packet
in
a
tree
in
a
project
with
a
package
lock
is
going
to
be
the
same
guaranteed
as
npm
install
foo
in
an
empty
project
right
because
if
foo
has
a
dependency
which
could
be
deduplicated
by
something
else,
that's
going
to
be
in
the
tree
later
we're
going
to
give
you
that
different
version.
Based
on
that
context,
so
I
mean,
I
think
I
think
all
this
like
it's
too
much
in
the
weeds
for
anybody
to
really
care
about.
E
A
E
E
Yeah
so
well,
there's
two
ways
we
could
approach
it.
One
is
the
the
clay
could
pass
in
a
filter
nodes
argument
like
it
does,
for
workspace,
installs
or
or
actually
I'm
not
sure.
If
that's,
I
think,
arborist
just
gets
a
workspaces
argument
and
then
it
does
the
filter
nodes
thing
internally.
So
I
would,
I
would
probably
suggest
that
this
just
be
entirely
contained
within
arborist,
like
if
you
give
it
some
explicit
requests
that
it'll
only
reify
the
changes
like
if
you
give
it
an
explicit,
add
request.
It'll
only
refine
those
okay,
basically.
A
E
It's
that's
a
good
question.
It
it
probably
the
way
what
I
just
suggested
probably
is
assembler
major
on
arborist.
If
we
want
to
do
it
as
a
sum
for
minor,
then
it
would
have
to
be
a
new
field
that
you
can
pass
into
to
reify
a
new
option.
You
could
pass
your
refi
right
and
the
cly
would
just
start
doing
that.
A
C
Sure
yeah
so
with
the
behavior
that
isaac's
describing
sounds
the
way
I
remember
npm5
behavior
working,
which
is
that
you
ask
for
a
single
package,
it
loads
the
ideal
tree.
It
adds
that
dependency
and
then
it
does
whatever
you
know
additional
it
does
that
that
one
package
into
the
result-
and
so
I
I
would
expect
to
say
that
is
to
say
it
would-
then
you
know,
find
all
the
sub
dependencies
and
so
on
for
that
and
add
them
to
the
new
ideal
tree
and
then
save
that
down
to
your
log
file.
C
E
A
D
A
E
B
There's
something
else
to
the
use
case:
if
that's
the
actual
behavior
in
v6,
then
I'm
confused,
because
I
I
didn't
go,
try
and
reproduce
this
myself,
but
both
the
issue
and
the
user
in
irc
seems
to
be
suggesting
that
npm
6
would
not
install
like
that.
If
I
rmrf'd
a
specific
dependency
and
then
I
did
npm
install
foo,
that
specific
dependency
wouldn't
be
restored,
like
necessarily
in
npm
six,
but
it
would
in
npm
seven.
B
E
So
if
this
was
the
way
that
npm
6
behaved,
which
it
is
not
unless
there's
some
other
context
here
that
I'm
missing,
I
just
tested
it
while
rebecca
was
talking,
but
if
npm,
6
and
npm
7
are
the
same,
then
changing
it
by
default
in
npm.
7
is
a
pretty
drastic
move
right,
because
there's
I'm
willing
to
bet
that
there's
somebody
out
there,
depending
on
the
fact
that
they
can
just
add
a
new
depth
and
also
get
all
of
their
other
depths
right.
E
B
F
Okay,
hey
sorry,
I
was
late.
So
I'm
sorry
if
this
was
covered
already,
but
one
of
the
things
when
I
read
this
originally
was
that
came
to
mind
is
the
fact
that
in
pm
and
again
I
don't
know-
I
don't
know
if
it's
six
or
seven
or
if
there's
a
difference
there,
but
I
know
for
sure
seven
does,
because
it's
been
hitting
me
a
bunch
lately
when
it
does
make
those
other
changes
to
the
tree.
That
includes
things
like
changing
links.
F
F
So
even
if
it's
not
even
if
it's
not
just
whether
there's
a
difference
or
not
between
npm,
six
and
seven
and
whether
or
not
this
is
a
feature
or
a
bug
that
we
wanna
like
address,
the
current
workflow
is
is
pretty
disruptive
if
you're
doing
like
local
package
development
between
a
few
different
packages.
So
I
would
like
to
see
this
get
addressed
one
way
or
the
other.
If
we
make
it
a
flag,
you
know
if
it
doesn't
config
like.
F
G
Yeah,
I'm
just
reading
the
rfc
here
and
I
want
to
take
a
step
back
and
I
want
to
make
sure
that
what
we're
talking
about
solves
the
root
problem
here
right
there
they're
saying
what
they're,
what
what
they're
trying
to
do
is
have
common
depths
in
a
project
and
then
install
them
into
each
workspace,
reducing
install
time
and
disk
usage.
I'm
just
the
connection
between
that
and
their
request
is
tenuous
to
me.
G
A
You
know
yeah,
I
think
isaac
noted,
and
I
think
I
if
this
is
the
same
person.
There
was
a
previous
issue
talking
about
like
different
depths,
that
sets
of
depths
that
you
could
install,
and
I
I
think
I
noted
as
well.
Once
we
add
workspace
awareness
to
npm,
install
you'll
be
able
to
essentially
scope.
You
know,
let's
say
your
build
or
dev
or
your
server
depth
into
like
a
workspace
essentially
and
then
be
able
to
essentially
have
a
scope
install.
So
that
might
be
the
feedback
we
give
for
the
specific
rfc.
A
If
we
don't
want
to
change
this
to
as
you're
saying
gar,
like
kind
of
like,
oh
my
goodness,
what's
the
name,
what's
the
word,
but
essentially
like
bloat
or
change
the
actual
scope
of
what
they're
trying
to
do.
But
it
does
sound
like
oh
there's,
a
real
rc
here
that
could
be
made
before
filtered
node
install.
E
B
E
E
Yeah
we
should
be
able
to
audit
reified
package
trees
as
well,
just
as
well
as
we
can
audit
or
or
an
ideal
tree
that
has
no
lock
file
like
yeah.
We
part
of
the
one
of
the
one
of
the
somewhat
somewhat
implicit,
somewhat
explicit
design
goals
of
arborist
is
that
you
know
a
lock
file
is
a
is
a
helper.
It
gets
us
information
about
intent
and
it
gets
this
information
about
kind
of
skips
skips
a
big
part
of
the
build
ideal
tree
process.
E
B
So
so,
given
that
as
a
constraint,
which
makes
sense
to
me,
then
it
seems
like
we
should
add
some
sort
of
flag
or
configure
whatever
to
allow
people
to
opt
into
this,
whether
they
have
a
lock
file
or
not.
And
then,
given
that
this,
that
behavior
is
probably
what
I
think
most
people
would
want.
Perhaps
npm
8
could
flip
the
default
of
that
flag.
E
I'm
not
sure
it
is
what
most
people
would
want,
because
it's
in
the
in
the
default
with
npm
6
is
that
you
get
a
lock
file
and
the
behavior
in
npm
6
is
that
if
you
have
a
lock
file,
npm
install
foo
will
install
everything.
So
you
know
I
always.
I
always
find
it's
best
to
kind
of
assume
that
the
overwhelming
majority
of
users
are
doing
the
default
thing
right.
B
Right,
but
I
I
think
it's
my
assumption
would
be
that
they're
all
running
npm
install
long
before
they're
typing
npm
install
foo,
meaning.
I
think
that
the
users
that
are
actually
depending
on
npm,
install
foo
installing
everything
like.
I
can't
imagine
that
anyone's
knowingly
doing
that,
even
if
they
all
have
a
lock
file.
Even
if
you
know
well
like
I
think,
everyone's
installing
first
and
then
adding
packages
after.
A
A
Maybe
either
one
of
you
could
either
recommended
men
the
changes
to
this
rfc
or
create
a
new
one
that
explicitly
talks.
It
might
be
easier
to
start
a
new
one.
That
just
is
like
here's
a
flag
that
you
can
pass
to
install
to
to
stabilize
this
this
behavior
or
to
change
it
to
what
you
want
like
inserted
in
in
terms
of
the
filtered
node
experience
right,
filtered
node,
install
experience,
yeah.
E
Know
there's
a
xy
problem
happening
here
like
let's,
let's
dig
into
the
actual
problem
that
they're
trying
to
solve,
with
a
single
with
a
filtered
install
and
then
maybe
make
a
generic
like
here,
is
how
you
can
filter
your
in
your
reification
and
expose
that
to
the
users
that
semverminer.
That
would
give
jordan
and
wes
and
this
person
that
particular
tool.
A
B
You
know
and
things
of
that
nature
or
like
negate
out
the
tests.
Perhaps
things
like
that?
I
am
very
interested
in
how
doing
this
backwards
compatibly,
because
my
personal
use
case
won't
be
solved
if
I
have
to
wait
10
years
to
to
be
able
to
use
it
exclusively,
and
I'm
aware
that
there's
not
a
simple
implementation
solution
to
do
it.
So
one
thing
I
thought
of
as
a
category
was:
if
there's
any
sort
of
npm
ignore
syntax
that
you
could
use
that
would
crash
an
npm
version
that
didn't
know
how
to
handle
it.
B
Then
that
syntax
is
what
we
could
use
to
put
the
npm
ignore
file
into
better
mode,
and
that
way
the
wrong
thing
wouldn't
happen
on
older
npms.
It
would
just
tell
you
like
some
error,
but
I
there
doesn't
appear
to
be
any
such
syntax
and
then,
similarly,
an
alternative
file
wouldn't
really
work,
because
I'd
still
then
have
to
have
crap
npm,
ignoring
good
npm,
ignore
in
all
my
projects.
B
B
B
B
B
So
the
only
idea
that
other
idea
I
can
think
of
besides
syntax,
you
know
that
crashes
old
stuff,
an
alternative
file
which
is
not
good
for
the
reasons
mentioned,
would
be,
I
suppose,
a
package.json
field,
although
I
don't
like
the
idea
of
adding
one
but
like
that,
still
doesn't
really
help
me
if
I
have
to
still
maintain
them
ignore
file.
So
I'm
kind.
B
E
B
H
B
B
A
So
I'm
wondering
is
this
like
a
check
that
you
want
to
do
as
well,
though,
like
like
how
you're
saying
today
the
way
that
you
facilitate
this?
Is
you
have
to
like?
Keep
these
things
in
sync,
you
have
to
like
diff.
These
isn't.
If
we
were
to
provide
to
something
to
you
in
terms
of
we've
already
talked
about
published
prompts
before
like.
If
it
was
like
published
check
like
publish
validation,
then
you
could
like
potentially
utilize
that
to
write
that
condition
that
you
could.
The
problem
is
that.
B
E
B
B
You
know
I'm
sure
this
somebody
will
pop
out
of
the
woodwork
and
say
they
actually
like
the
current
behavior,
but,
like
I,
I've
still
never
seen
an
example
so
like
it's,
it
would
be
seemed
very
unfortunate
to
me
if
we
ended
up
concluding
that
this
would
be
like
concretely
better
in
every
case,
but
we
can't
like,
but
there's
no
great
way
to
do
it.
So
do
it
yourself,
even
though
that
might
is
a
viable
workaround
yeah.
G
B
B
E
B
E
E
Yeah,
so
I
think,
crashing
old
and
crashing
a
behavior,
that's
going
to
fail
on
old
npms.
It's
it's
going
to
be
on
you
to
just
kind
of
make
sure
you
don't
do
that
right,
but
yeah
having
having
a
like
gar,
said
having
a
flag.
That's
additive
like
that,
would
be
really
easy,
and
then
that
opens
the
door
to
yeah,
we'll
just
put
a
pragma
in
dot
npm
ignore
that
does
that
I,
I
think.
Actually
you
know
just
just
having
it
even
as
like
a
comment.
E
Syntax
like
pound
bang
include
dot,
get
ignore,
like
that's.
Fine
and
that'll
be
ignored
by
old
npms.
So
if
you
install
with
an
old
npm
it'll,
be
maybe
a
you
know,
half
empty
package
or
something
or
a
package
that
includes
all
your
ignored
stuff,
but
at
least
moving
forward.
You
know
it.
It
saves
us
there.
I
don't
think
it
even
needs
to
be
a
flag
in
the
client
could
just
be
a
thing
that
we
a
feature
we
implement
and
hey.
It's
only
supported
as
of
7.12
or
whatever.
B
B
E
E
B
E
A
I've
been
trying
to
get
us
to
relocate
doctor
and
which
feels
like
you
know
these
types
of
things
like
the
sanity,
checks
etc.
Like
I
feel
like
there's
a
case
for
us
to
look
at
doctor
figure
out
if
it
like
what
feature
set,
it
supports
what
why
we
have
those
checks
in
place
and
then
also
maybe
expand
it
right,
yeah
yeah,
it
needs
polish,
but
potentially
npm
doctor
and
then
supports.
A
You
know
like
a
a
sub
command
and
then
for
that
in
the
future
that,
like
you
literally,
can
rely
on
that
to
just
fail,
like
for
config
yeah
thing
to
check
yeah
doctor
thing
to
check
even
yeah,
so
more
arbitrary
checks,
yeah
would
be
nice,
so
yeah.
It
feels
like
there
could
be
a
lot
of
improvements
made
to
npm
doctor,
which
we
could
you
know
expand
upon,
and
that
would
be
the
right
scope
for
that
kind
of,
like
validation
but
yeah.
That
feels
a
little
bit
different.
A
D
D
A
Just
to
be
sensitive
to
time
as
well,
because
there's
about
20
minutes
left
if
we
have
any
other
feedback,
we
want
to
give
on
like
this
rrfc,
like
this
issue
and
thread
and
maybe
give
some
context
from
this
conversation
back
to
that
issue
would
be
great.
It
sounds
like
there's
a
couple
ideas
that
could
sprout
an
rfc.
I
you
know
specifically
jordan
if
you
think
that
there's
something
you'd
like
that,
we
could
have.
B
A
A
You
know,
jordan,
you
brought
up
and
it
looks
like
you
even
added
it
here
in
terms
of
defining
a
workspace
or
or
somehow
making
that
connection
explicit
within
the
actual
workspace
back
to
the
the
parent.
I'm
not
sure
if
there's
any
any
other
conversations,
unless
you
were
the
last
one
to
like
note
or
comment
on
this,
I'm
not
sure
you
know,
I'm
not
sure
if
we
currently
it's
implemented
not
this
way.
Currently
we
don't
support
this,
so
this
would
be
like
a
net
new
capability,
but
yeah,
I'm
not
sure.
E
Without
making
any
explicit
changes
to
just
implicitly
for
what
that
were
in
a
workspace,
we
we
kind
of
tossed
it
or
tossed
it
about
and
talked
about
it.
But
it's
it's
really
really
hazardous.
You
know
there's
already
some
cases
like
that,
where
we
walk
way
further
up
the
package
up
the
folder
tree
than
we
really
ought
to
so
one
thing
that
we
had,
or
one
idea
that
occurred
to
me
as
we
put
some
definitive
marker
in
the
workspace
that
says
this
is
a
workspace
and
its
root
is
x.
E
What
that
means
is,
though,
that
that
gets
away
from
you
know
wes's
kind
of
suggested
design
constraint,
which
we've
managed
to
meet
so
far,
which
is
that
if
I,
if
I
have
a
folder-
and
I
have
a
bunch
of
just
checked
out
projects-
they
don't
need
to
know
that
they're
workspaces,
they
don't
need
to
have
anything
in
them
to
define
them
as
workspaces,
and
I
can
run
workspace
commands
and
have
it.
You
know,
build
their
package
trees
in
a
way
that
will
work
with
them
and
pass
their
tests.
E
A
E
Well,
I'm
I'm
offering
that,
as
I
don't
know,
if
I'm
in
favor
of
it,
in
any
case,
I
I
can
see
the
value,
but
I'm
more
just
saying
like
that
is.
That
is
the
way
that
we
could
do
this.
This
proposal
right
like
with
in
a
way
that's
not
hazardous,
but
it
does.
I
mean
I'm
calling
out
that
it
does
violate
that
prior
kind
of
design,
constraint.
A
I
would
also
because
we
brought
this
up
like
preemptively,
I'm
wondering
like
how
time-sensitive
this
really
is
like
so
far
like
not
that
many
people
have
complained,
maybe
because
we're
still
slowly
seeing
adoption
of
our
workspace
implementation
so
and
we're
rolling
out
more
and
more
command
support.
So.
F
I
guess
would
be
that
I
I
know
for
sure
some
of
the
things
that
are
not
yet
supported
are
just
blockers
for
for
option,
at
least
most
of
the
main
projects
at
netflix,
though
so
you're
not
going
to
get
yeah
I've
been
able
to
get
much
feedback
other
than
yeah
it
installs.
You
know
so
we'll
need
those
commands
before
we
can
know
whether
this
is
really
a
priority
or
not.
A
Right,
it
does
seem
like
it's.
This
is
for
an
improved
developer
experience
right
if
you
like,
if
your
expectation
also
like,
what's
your
expectation
inside
of
a
workspace
like,
do
you
want,
for
whatever
reason
just
to
install
in
place
like
that
folder
or
run
that
command
explicitly
in
that
directory
and
not
like
you
might.
E
Right,
because
what
you
want,
is
it
to
set
up
the
proper
links.
So
what?
If
what
happens
so
yeah
there's
a
question?
There's
an
open.
I
have
a
draft
pr
which
is
the
last
on
the
agenda.
We
probably
won't
get
to
to
talk
about
kind
of
how
we
link
or
which
things
are
shared
and
which
things
are
not
and
so
on,
but
would
it
work
to
do
npm
install
b,
dash
dash
yeah
npm,
install
dot,
slash
b,
dash
dash
workspace
equals
a
that's.
That's
that's.
A
Yeah
what
I
just
typed
in
chat,
I
think,
should
do
exactly
what
you're
talking
about
wes
here
once
like
in
a
little
bit
by
the
way
so
like
in,
like
you
know,
hopefully
the
next
like
definitely
by
the
end
of
this
quarter,
but
even
within
the
next
month.
We
we
have
the
ability
to
do
this
today.
Our
isaac
did
the
work
in
our
risk
to
actually
have
the
support.
We
just
need
to
wire
up
all
the
or
npmi
yeah.
F
F
F
A
A
Also
it
would
be
great
to
have
roy
back
to
actually
speak
to
this,
since
I
think
he
hasn't
been
able
to
join
the
last
time
a
few
times
that
we've
actually
talked
to
this,
so
so
we'll
leave
it
open
for
now
and
feel
free
to
add
comments
in
the
pr
itself.
So
moving
on
nilf
had
put
together,
rfc
336,
the,
where
config
parameter,
for
example,
exec
and
npm
config.
A
I
I
I
It
would
also
apply
to
npm
config
git,
because
it
would
allow
you,
instead
of
seeing
a
list
of
all
of
your
configs
merged
together,
you
could
list
the
contents
of
just
one
of
them,
then
the
other
place
where
this
seems
like
it
would
really
have
some
advantages
in
npm
exec.
One
of
the
things
that
we
get
a
lot
of
questions
about
is
when
something's
installed
and
you
run
it
with
npx.
What
does
it
actually
run
and
right
now
it
is
kind
of
a
strange
cascade
of
things.
I
I
I
A
Anybody
have
any
like
negative
feedback
to
this
any.
Like
reason,
we
would
push
back
on
this
other
than
the
name
yeah
other
than
the
name.
This
is
great
okay,
so
maybe
we
can
just
come
up
with
a
a
poll
or
something
for
a
few
different
names
and
see
which
which
one
folks
prefer
like
location
or
be
it
very,
very
explicit,
like.
B
Yeah
and
to
be
clear,
I
don't
think
there's
any
problem
with
the
word
where
I
think
that's
quite
appropriate
here.
I
think
the
problem
is
that
due
to
the
design
of
npm
config
and
how
a
config
flag
applies
to
every
command
that
it
needs
to
be
named
in
such
a
way
that
it's
clear
that
it
only
applies
to
this
one
command,
config,
config
location,
might
be.
B
G
I
E
D
H
Quick
update,
I
rewrote
the
rfc
to
be
focused
on
using
licensee.
There
are
some
changes
in
there.
It
also
based
off.
So
I
have.
I
have
retained
it
as
npm
audit
license.
I
I
do
think
that's
the
better
api
or
yeah.
I
think
that's
the
better
api,
but
I'm
not
hard
attached
to
it,
but
based
on
some
of
jordan's
feedback,
I
did
also
add
some
an
additional
commands,
a
flag
section
to
make
it.
So
no
audit
does
both
well,
so
it
would
all
it.
H
B
E
B
E
H
I
yeah,
and
I
I
would
specifically
I
I
think
this
was
also
a
note
that
both
kat
and
rebecca
shared
with
me-
or
maybe
it
was
just
cat.
I
don't
know
it
was
someone
originally
that
was
kind
of
the
scope
of
audit,
and
I
know
that
might
have
changed
but
like
to
be
able
to
expand
that
and
have
it
be
more
of
a
of
a
broad
range
rather
than
just
cves.
E
H
B
H
D
B
Yeah,
whatever
the
direction
I
mean,
what
I
mean
is
that
there
could
be
something
could
be
suddenly
dual
licensed
in
the
next
version
and
the
next
version
would
satisfy,
and
so
that's
something
a
fix
could
do
and
it'd
be
probably
nice
to
do
that,
because
then
it
reduces
the
amount
of
manual
license
leg
work.
One
has.
H
A
Right
yep,
so,
unfortunately,
we
had
two
other
items
which
we
probably
won't
get
to
since
we're
essentially
that
time
but
feel
free
to
comment
on
156,
the
rrfc,
optional,
install
and
isaac's
put
on
here
a
net
new
rc
which
is
defining
dependencies
and
how
they
are
shared.
So
jordan.
I
know
you'll
be
interested
in
this
and
it's,
I
think,
isaac.
If
you
want
to
speak
to
this,
I
know
you're
not
super.
E
The
this
is
just
discussing
the
user
experience
and
and
sort
of
the
the
defaults
in
the
semantics
of
like
what
we
what
we
share
and
when
between
workspace
projects,
I
actively
hate
the
kind
of
straw
proposal,
package.json
syntax
for
defining,
which
things
get
isolated,
which
ones
don't
so
burn
that
all
down
give
me
a
better
way
cause.
I
will
be
really
sad
if
this
is
what
we
land
on
yeah.
That's.