►
From YouTube: Open RFC Meeting - Wednesday, Nov 27th 2019
Description
In our ongoing efforts to better listen to and collaborate with the community, we're piloting an Open RFC call that helps to move conversations and initiatives forward. The focus should be on existing issues/PRs in this repository but can also touch on community/ecosystem-wide subjects.
GitHub Agenda Issue:
https://github.com/npm/rfcs/issues/70
Meeting Notes:
https://docs.google.com/document/d/1DixkdL771XS0clblEgaJB861REKttsdJs2Chqe3hGW8/edit
A
B
B
The
first
item
that
was
on
the
agenda
and
before
that,
actually
maybe
we
can
do
a
round
of
intros
there's
a
couple
new
faces
here.
If
you
don't
mind
just
going
through
and
saying
your
name
and
where
you're
from
I
can
start,
my
name
is
Darcy
Clark
I
work
at
M
p.m.
as
the
engineering
manager
for
community
and
open
source
and
help
facilitate
these
calls.
Roy.
Do
you
want
to
quickly
do
an
intro.
C
D
E
F
F
G
H
A
B
And
all
the
all
the
hard
work
so
far,
Jordan
cool
so
appreciate
those
intros.
The
first
thing
that
we
had
essentially
queued
up
for
the
agenda
was
the
multiple
funding
sources
are
see
that
Jordans
actually
put
together.
So
this
is
a
evolution
of
the
support
for
NPM
fund
and
the
funding
field
in
package.json
and
yeah
I'm
not
sure
join.
If
you
want
to
maybe
speak
through
the
actual
implementation,
a
bit
I
haven't
sure
cently.
A
So
I
haven't
put
up
an
implementation
PR
yet,
but
the
RFC
is
very
simple
in
concept.
It
is
take
whatever
the
funding
field
supports
and
support
an
array
of
it.
That's
it
which
is
like
I,
think
the
authors
and
contributors
fields
already
work
the
same
way
right.
So
there's
like
precedent,
people
kind
of
expect
this,
the
I've
begun
working
on
an
implementation.
There's
there's
a
little
Doc's
cleanup
from
the
string
shortcut
that
I
included,
but
the
the
part
that
gets
tricky
is
I,
do
have
some
implementation
questions.
A
We
don't
have
to
talk
about
on
this
call.
Maybe
Rory
I,
don't
know
if
you're
the
right
one
to
talk
to
but
like
we
can
connect
offline
for
that.
But
the
real
kind
of
bike
shed
any
question
about
there.
Rc
is
what
does
the
NPM
fund
output?
Look
like
the
JSON
output
is
easy.
It
it
matter.
It's
literally.
G
A
A
Stuff,
where
it
wasn't,
the
the
kind
of
open
questions
in
general
are
like
so
I
guess
for
the
JSON
output.
It's
a
question
of
like.
Should
everything
always
be
in
array
now,
just
normalize
it
to
be
erased,
so
you
get
an
array
of
0
or
an
array
of
1
for
me
that
feels
simpler
to
work
with,
but
I
don't
know.
A
Maybe
someone
consuming
the
JSON
consider
that
a
breaking
change
but
the
for
the
non
JSON
output,
the
current
kind
of
algorithm
to
compute
the
tree
that
prints
out
it
seems
like
it
expects
only
one
item
so
like,
for
example,
if
I
have
package
a
that,
has
a
github
sponsor
and
at
I'd
lift
link
and
I
have
package
B
myself
that
has
the
same
github
sponsor,
but
a
tie,
an
open,
collective
link,
those
don't
deed.
You
to
the
same
item
and
currently.
A
Like
they
are
because
they
only
have
one
link
if
they
have
the
same
link,
they
can
collapse
together
but
like
how
would
you
we
have
to
kind
of
decide
how
we
want
to
show?
Would
we
show
a
and
B
separately,
or
would
we
show
a
and
B
with
the
github
sponsor
link
and
a
with
the
titleist
B
with
the
open
collective
either
of
those
makes
sense
to
me,
but
we'd
have
to
make
that
decision
to
handle
the
D
duping
and
the
collapsing
and
stuff,
and
but
that
to
me
doesn't
seem
like
a
should.
A
B
A
A
death
flag
doesn't
make
sense
to
me
anyway,
because
the
more
transitive
a
dependency
is,
the
less
likely
I
am
to
be
motivated
to
pay
for
it.
But
when
I
express
those
concerns
in
the
initial
fund,
RFC
Isaac
pointed
out
that
he,
like
part
of
his
motivation,
is
to
actually
surface
transitive
dependencies
that
need
funding.
So
it's
like
that's
a
kind
of
tricky
question,
but
I
think
the
other
thing
is
I.
Think
I
can
already
expand
it
infinitely
just
by
making
infinite
packages.
It's
just
not
as
easy.
A
So,
like
it's
a
question,
we'd
have
to
solve
anyway,
it's
just
about
whether
we're
delaying
the
inevitable
or
just
kind
of
accepting
that
it's
part
of
the
design
and
I
so
I
believe
that
if
we
come
up
with
a
design
that
handles
this
with,
if
there's
a
depth
argument
or
not
I,
don't
know
that
you
know
but
like
and-
and
we
come
up
like.
But
if
we
come
up
with
a
good
UI
for
the
JSON,
the
just
shell
output
and
then
potentially
for
like
what
would
look
like
on
the
NPM
website.
A
Because
it's
gonna
compact
that
as
well,
then,
even
though
you
know
that's
closed
source,
only
a
few
of
you
would
have
to
deal
with
it
but
like
it
would
impact
the
design.
But
then,
like
the
overarching
question
of
how
do
we
put
a
cap
on
it
and
prevent
unbounded
growth,
I
think
that
applies
anyway
and
like
right
now
in
as
I'm,
adding
funding
fields
to
packages
and
publishing
them
and
then
going
to
their
dependents
and
doing
the
same
I'm.
A
A
different
question,
but
like
the
like,
the
number
of
unique
funding
URLs
is
slowly
growing
and
I
haven't
even
tried
to
run
NPM
fund
yet
in
a
large
app.
But
you
know
it's
gonna
take
some
time
anyway
for
package
updates
with
the
field
to
filter
through.
So
you
know,
it'll
be
a
while
before
we
see
that
impact,
but
I.
Imagine
like
I'm,
not
an
air
B&B
anymore,
but
I.
A
C
G
Ibm
I'll
ask
some
of
the
unplugged
commands
and
our
goal
is
to
flatten
the
tree
as
much
as
possible,
all
the
time
anyways
so
to
say
that
it's
like
we
can
credit
infinity
as
a
true
statement
but
it'll
in
practice.
I,
don't
think
it'll
ever
get
there,
because
the
way
that
word
deduping
well
then,
to
speak
to
your
question
about
yeah.
Okay,
oh
no,.
A
A
I
mean
I
think
the
like
the
challenge
I
foresee
for
me
personally,
is
that
I
have
the
same
github
sponsors
like
everywhere,
but
I
use,
tide,
lifts
and
I
have
200
packages
on
it
and
I
reuse
are
created
to
abstract
things
out
of
my
packages,
so
you
know
like
every
prolific.
Pathak
are
a
package
author.
Many
of
my
dependents
are
me,
and
our
dependencies
are
me
so
like,
but
with
tide
lift
I
offer
each
package.
I
don't
have
a
URL
for
me.
A
C
Like
I
thought
it
was
a
very
good
comment
on
the
original
PR
I
haven't
followed
up
in
the
conversation,
but
I
did
consider
that,
but
to
the
point
of
the
dupe,
I
think
I
would
love
to
try
to
do
it
as
much
as
we
can.
So
maybe
we
if
we
find
a
single
URL
that
is
repeated
in
multiple
packets,
just
to
do
to
that,
like
hook
them
all
to
the
top
level,
which
is
what.
H
C
Those
are
currently
that
the
current
algorithm
there
and
one
thing
I
would
even
go
further-
is
that
today
the
the
logic
there
will
try
to
compare
both
URL
and
type
and
I
would
say,
let's
even
ignore
type
like
if
we're
doing
this
for
44
in
order
to
support
array.
Let's
just
consider
the
euro,
if
they're
you're
all
the
same,
let's
try
to
do
the
same
item
as
much
as
we
can.
A
B
B
B
Be
yeah
that'd,
be
awesome,
I'm
sure
he's
got
time
for
that.
Also
in
terms
of
the
actual
web
view,
we
do
have
work
that
should
be
landing
to
support
the
initial
implementation
of
this
field.
So
essentially,
if
you
have
a
singular
entry,
then
we
utilize
that
to
display
a
button
in
the
future
that
could
be
a
tab
as
or
expand
out
with
multiple
references.
If
there
are
multiple
references,
so
we
can
work
out.
What
that
look,
UI
looks
like
in
the
future
in.
A
B
That
or
not
break
yeah
beautiful,
there's
a
third
person
is
this
person
so
well,
then,
thank
you,
okay,
so
there's
I
think
that's
that's
about
it
on
the
multiple
entries
and
I
pulled
up
or
hoisted
up
this.
This
ticket,
which
appreciate
Craig
actually
pulling
this
together,
got
a
ping
the
other
day
from
Tierney
about
the
wsl
work
that
Microsoft's
doing,
and
the
fact
that
the
teams
on
this
call
appreciate
so
PR
527
against
the
CLI
to
revert
support
for
wsl.
B
D
So
I
took
a
look
at
the
PR
and
it's
awesome
that
you're,
considering
integrating
w
cell
the
only
concerns
that
we
had
where
there
can
be
discrepancies
when
running
like
a
Windows
executable
from
WSL
for
accessing
files
for
certain
scenarios.
So
that's
why
we
put
in
the
pr
to
try
and
revert
this
so
that
we
can
take
some
time
to
evaluate
it.
So,
when
I
ran
like
some
tests
of
invoking
NPM
like
the
Windows
version
of
NPM,
if
you
invoke
that
and
target
a
folder,
that's
inside
of
your
Windows
subsystem
for
linux
distro.
D
B
Yeah
so,
unfortunately
Joan
the
the
original
author
of
that
PR
wasn't
able
to
join
by
commented,
essentially
with
the
position
that
the
idea
here
was
to
fall
back,
but
that
wasn't
implemented
that
way,
meaning
you
know
we
should
be
more
mindful
of
how
that
was
being
pulled
in
so
I'm.
Okay,
with
like
getting
this
landed
in
the
next
release,
that
we've
got
queued
up
for
Tuesday
to
revert
this
as
it
is
now
and
then
we
can
discuss
in
the
future.
You
know
what
what
this
would
look
like.
Support
for
wsl
would
look
like
yeah.
D
B
Okay
and
that
I
mean
I
think
well.
This
also
kind
of
exposes
is
just
like
the
level
of
Windows
testing
that
we're
doing
needs
to
like
increase
and
test
coverage
that
we
have
for.
Let's
say
these
scenarios
right
so
you're
saying
that
you
ran
a
test
specifically,
and
you
probably
hit
like
a
permissions
error
at
some
point
right
like
walking.
C
B
That
so
that
specific
test
that
scenario
we
I
would
love
to
have
a
test
that
covers
that.
So,
if
you
can
like
replicate
that
in
some
way
and
like
contribute
like
a
test
for
that
specific
scenario,
then
that
would
be
great
for
us
going
forward
to
then
implement
that
feature
and
make
sure
that
actually
like
works
right
like
support
for
it.
D
B
C
B
And
then
yeah
and
then
gabe
actions
uses
command.
So
we
like
that
the
fact
that
we'll
be
covering
two
bases
like
for
for
how
things
are
getting
executed
on
Windows
so
but
our
Windows
test
coverage,
I'd,
love
to
see,
increase
and
and
like
these
specific
nuance,
sort
of
tests
would
be
great
to
have
as
well
like
yeah.
C
If
you
can
don't
treat
it
to
test
itself
discovering
those
features,
that
may
be
something
we
need
to
support
or
something
we
want
to
avoid
on
Windows.
If
you
can,
if
we
were
actually
able
to
submit
them
as
a
P
as
a
peer
to
NPM,
so
that
we
can
be
aware
of
it
if
it's
a
failing
test
and
you'll,
probably
not
merge
right
away,
but
then
we
can
be
aware
of
this
yeah.
B
C
B
F
F
But
we
don't
always
know
exactly
how
people
want
to
combine,
and
so
you
know,
I'll
give
you
an
example
like
today
you
can
use
vs
code
running
natively
on
Windows
working
on
a
node
project,
that's
running
in
double
yourself
and
it's
it's
awesome,
but
what's
the
combo
that
that
other
people
want
to
do
that's
different
than
that
and
so
that
we
don't,
we
don't
have
quite
as
much
of
it's
their
signal.
So
when
I
hear
like
this
came
in,
it
was
like
well,
what's
motivating
this,
and
so
that's
the
that's.
F
The
kind
of
cut
feedback
we're
looking
for
too.
So
if
we
make
a
test,
the
test
should
be
something
that
people
want
to
work
or
for
confirm,
fails
in
order
to
preserve
or
to
make
Windows
a
a
great
place
to
do
work
and
and
whether
you're
you're
focused
on
on
native
Linux
or
native
Windows.
That
makes
sense
so
we're
trying
to
support
everyone,
but
sometimes
the
supporting
everyone
can
cause
problems.
If
you
make
assumptions
right
and
we're
true,
we
don't
want
to
make
the
wrong
assumptions
and
be
you
know
it
caused
pain.
B
C
B
No
problem
and
feel
free,
if
you
folks
have
to
drop
off
I
know
this.
It
was
primarily
I
think
why
you
you
jumped
on
board
and
we'll
we'll
look
to
take
the
action
item
of
looking
at
reverting
this
and
pulling
this
in
for
the
next
release.
For
so
I
believe
the
next
release
we
have
cued
up
is
a
minor
614,
so
you
can
expect
that
next
Tuesday,
so
awesome
yeah,
no
problem.
Thank
you.
Alright,
Cheers.
B
G
Isaac
was
the
only
one
that
had
investigated
this
a
little
bit,
it's
like
if
you
something
around
the
idea,
if
you
invoke
a
like
dot
ps1
file
with
PowerShell,
it
yells
at
you,
but
if
you
don't
do
it
elsewhere
in
this
file
system,
it
there's
something
else.
Should've
been
and
we've
probably
brought
us
up
all
the
windows
guys
for
summer
yeah.
B
B
B
G
E
B
B
E
B
B
C
Yeah,
but
it's
it's
more
complicated
than
that
in
the
RFC.
It's
mentioning
the
usage
of
the
death
flag
in
order
to
limit
the
amount
of
dependencies
you're
going
to
show
right,
but
I
think
is
that,
like
today
and
p.m.
LS
member
package,
if
you
have
multiple
multiple
instances
of
the
package
right
and
you
know,
dependency
tree
is
going
to
show
up
everything
and
I'm,
not
sure
it
behaves
the
way
the
RFC
like
like.
If
it's
it
impossible
to
you'll.
Have
it
behaving
it's
simple
as
that
it's
just
more
complicated
than
just
trying
to
limit.
A
That
which
kind
of
would
remove
what
might
be
the
ambiguity
you're
referring
to
that
would
start
the
fund
from
that
point,
I
can
say
like
show
me
all
the
things
that
babble
depends
on.
You
know,
because
I
care
about
that
I
want
to
make
sure
like
babbles,
supported,
indirectly
to
right
or
something
or
I
could
be
like
show
me,
you
know,
show.
A
C
A
C
G
Some
of
this
will
be
immediately
addressable,
an
NPM
set
like
with
our
braceland,
because
the
metadata
that
our
brace
holds
is
a
graph
tree.
It's
not
like
it's,
not
a
it's,
not
a
strictly
a
tree.
It's
a
graph
of
all
the
dependencies
in
your
node
modules
and
so
being
able
to
say,
I
want
to
know
this
particular
one
and
all
the
places
that
it
exists
will
be
and
like
or
anything
underneath.
It
will
be
interesting.
G
A
G
A
G
G
C
C
About
v7,
but
this
is
just
potential
work,
I'm,
not
sure
this
is
complete
or
definitely
but
Isaac
mentioned.
He
wants
to
actually
change
and
PM
LS
into
only
outputting
the
data
you
have
on
your
package
lock,
so
it
wouldn't
reverse
the
node
modules
folder
anymore,
so
that,
like
oh,
that
just
becomes
like
I
think
something
like
a
query.
Selector,
like
your
dimension,
might
make
way
more
sense
than
trying
to
just
scope
down
that
size
like
these
RFC
proposes.
So
the
potential
idea
right
now
because
of
the
performance
issues
we
have
with
him
being
found.
C
A
G
A
Like
is
there
gonna,
be
an
escape
hatch
like
I
like
comparing
what's
on
disk
I,
want
that
behavior
and
like
I,
want
to
make
sure
that
what's
on
disk
matches
like
package.json
and
matches,
you
know
The
Arbors
metadata,
let's
say
without
like
you
know,
or
doesn't
conflict
with
it
doesn't
have
to
match.
There
could
be
extra
stuff
in
there
as
long
as
it
doesn't
violate
semver
restrictions
and
so
on,
but
like
that,
that's
important
to
me,
I,
don't
want
to
have
to
run
NPM
CI
and
wipe
everything
out
in
order
to
validate
that.
G
So
I
know
that
there
is
methods
inside
of
arborists
that
will
like
load
your
current
tree.
So
like
it'll,
you
can
basically
like
generate
an
ideal
tree
from
like
what
you
have
in
your
package,
JSON
file
or
your
package
lock
or
your
on
lock
file
or
your
shrink,
wrap,
I'll,
even
and
and
then
there's
like
the
reified
tree,
which
is
the
one
that
comes
from
that
ideal
tree.
But
I
know
that
he'd
baked
in
some
I
don't
know
both
victims,
probably
wrong,
where
it
created
a
feature.
G
That
was
to
say
that
it'll
read
in
what's
in
your
node
modules
and
like
do
a
diff
against
those
things
to
know
to
like
to
know
how
to
change
stuff
and
uses
the
RX
metadata
to
know
how
to
like
it
certain
and
pull
out
some
stuff.
I
shouldn't
say
it
like
I
keep
saying
NPM
7,
because
that's
we're
going
to
wind
arborist
in
NPM,
but
like
all
of
this,
is
concerning
arborist.
It's
not
necessarily,
and
so,
once
the
speech
functionality
is
created,
an
arborist
it'll,
be
them
put
inside
of
NPM
yeah.
A
Whatever
the
default
is
what
I'm
gonna
do
and
you
know,
and
then,
if
the
other
group
that
do
have
opinions
and
I'm
so
far,
I
haven't
heard
anything
concrete
that
I'm
like
raising
alarms
about
from
NPM
seven.
But
it
sounds
like
there's.
It's
going
to
be
a
series
of
profound
changes
to
the
ecosystem
and
so
I,
just
kind
of
hope
that
there's
gonna
be
adequate
time
to
really
explore
the
consequences
of
those
before
they
land
John,
because
it's
just
I've
had.
A
C
H
C
B
So,
just
to
circle
back
here
on
on
this
specifically
I
think
that
we,
what
Jordan
brought
up
is
actually
what
is
ideal
for
sure
some
sort
of
filter
scope,
something
along
those
lines.
That
is
more
broad
in
the
since
that
we
can
be
using
it
across
other
sub
commands,
but
I
don't
think
it
would
make
time
it
makes
sense
and
and
I,
don't
think
we're
gonna
put
time
and
invest
time
in
doing
this
for
six.
B
So
what
we
can
do,
essentially
with
this
conversation,
is
probably
circle
back,
say
that
Mike
the
root
concern
or
solution,
the
like
that
they're
trying
to
solve
for
or
problem
they're
trying
to
solve
for
and
solution
they're
trying
to
create
to
solve
that
problem
is
is
some
sort
of
filtering
or
scoping
of
the
view
of
the
world,
and
we
agree
that
we
want
to
support
that.
But
it's
not
going
to
be
supported
till
NPM,
seven,
so
mm-hmm
I'm,
gonna
change
the
labels
here,
a
bit.
B
Remove
Help,
Wanted
and
we're
gonna
say
this
is
gonna,
be
a
release.
It's
gonna
be
blocked
by
NPM.
Seven
and
I'll
take
an
action
to
write
a
comment
on
this
thread
specifically
about
you
know
the
intent
there
and
just
the
fact
that
it's
something
we
find
value
in,
but
probably
we're
gonna
wait
till
NPM
seven
to
implement
anything
like
that
cool,
okay,
so
moving
along
again
PR
number
twenty
powershell
scripts
for
installed,
binaries.
C
B
Yeah,
this
kind
of
proof
so
I
think
this
just
got
pulled
up
because
it
slows
the
label
agenda,
so
we
can
actually
just
remove
that
label
and
that
should
not
show
up
anymore.
That's
great
okay,
pure
number,
18
interactive
audit,
resolver
Roy.
Do
you
have
any
opinions
on
this
based
on
discussion,
internal
discussions,
we've
had
about
interactive
commands,
yeah.
C
B
B
Right,
so
if
you
can
create
the
RC
you
know
in
in
the
next
week,
or
so
for
that
more
broadly
than
the
discussion
still
stands,
that
you
know
we
want,
the
ability
here
to
I
think
opt
out
of
certain
audit
results.
Right
like
this
is
what
this
is
continues
to
keep
coming
up.
People
are
like
I,
don't
want
to
get
you
know,
I
don't
want
to
hear
about
when
this.
C
B
Okay
and
we
don't
really
have
any
update
from
like
our
security
folks
or
anything
like
that,
so
we'll
move
on
got
about
15
minutes
left
and
the
last
item
that
I
actually
put
on
here
was
the
a
note
about
the
collaborator
summit
in
Montreal
I.
Think
a
lot
of
people
on
this
call
are
gonna,
be
there
I,
don't
I
think
Jordan.
You
said
you
were
not
going
to
be
at
Note
interactive
or
the
collaborations.
B
B
It
can
be
a
in
person,
open,
IRC,
meeting
or
I
think
we
could
also
utilize
the
time
to
discuss
how
we
can
better
collaborate
with
like
the
am/pm
community
or
the
node
community
at
large,
so
I'm
I'm,
all
for
maybe
making
it
like
a
working
group,
a
working
session.
You
know
whiteboard
ideas,
but
just
want
to
essentially
put
this
on
people's
radar.
Also
note
that
you
have
to
actually
I
think
register
to
add
this
to
your
note,
interactive
ticket.
B
So
if
you
haven't
done
that,
you
have
to
click
on
that
link
and
add
it
to
your
ticket
yeah.
So
I
just
want
to
keep
this
on
folks
radar,
I'm,
not
sure
Roy,
Michael,
Jordan
or
Daniel.
If
you
have
suggestions
for
topics
we
should
be
bringing
up
at
this
meeting,
but
it's
essentially
an
in-person
RFC
call.
B
C
G
C
C
B
I
know
the
folks
from
package
maintenance
working
group
I've
already
poked
them-
are
a
lot
of
those
folks
are
willing
to
come
to
that
call
or
that
meeting
and
we're
gonna
sort
of
split
time.
So
anything
that
spills
over
from
that
working
group
call
because
they
also
have
a
not
call,
but
that
meeting
yeah
yeah.
C
C
A
few
details,
I
know
from
the
collab
summit.
The
this
time
around
is
going
to
be
a
single
track,
so
we'll
definitely
get
attention
from
the
rest
of
like
foundation.
Members
they're
gonna
be
there,
and
what
I
would
suggest
is
just
that's
crafty
agenda
as
usual,
just
to
have
that
as
a
backup
but
I
think
the
more
meaningful
discussions
could
be
okay,
but
maybe
they
brainstorming,
maybe
onboarding
more
people
to
participate
on
these
open.
Rfc
calls
right,
I
think
that's
more
available
than
just
the
regular
open,
RFC
call.
C
B
F
B
B
C
The
summit
people
that
are
trying
to
find
a
way
to
have
those,
especially
for
the
working
groups
like
open
RC,
calls
like
this
they're
one
to
get
away
to
have
a
regular
streaming
going
on
right.
So
it
might
be
that
there's
going
to
be
logistics
already
figure
out.
It
might
be
that
not
so
maybe
we
can
just
try
to
call
in
for
more
laptops.
I
guess
we'll
see.
B
Awesome,
okay,
so
I
think
that's
it
for
agenda
items.
Did
anybody
else
have
any
announcements,
anything
else
that
they
want
to
bring
up
or
focus
on,
I
know
Daniel
you've.
Actually,
just
you
just
create
a
topic
for
an
RC
as
well,
which
we
haven't
really
had
time
to
review.
Yet
I'm,
not
sure
if
you
want
to
maybe
at
least
speak
to
that.
A
E
Yeah,
so
so,
basically,
a
president,
if
you
log
into
NPM
into
your
account
and
go
to
your
profile
page,
there's
an
option
to
link
to
your
Twitter
profile
in
your
github
profile
and
the
way
it's
currently
built.
Is
you
just
put
whatever
URL
you
want
in
and
that
shows
up
on
your
NPM
profile
as
being
your
Twitter,
your
github
account.
E
In
with
your
thought,
the
writer
choice-
and
this
is
just
simply
kind
of
the
first
step
towards
getting
to
a
future
where
authentication
doesn't
have
to
be
in
a
silo,
an
NPM
thing.
So
that's
why
I
wrote
the
RFC
and
I
think
this
RFC
in
particular
just
is
talking
about
like
the
CLI
interactions
that
would
be
required
to
support
this
functionality.
E
There
definitely
to
be
registry
side
changes
as
well
and
there's
also
potentially
breaking
changes,
because
if
we
were
to
add
a
nonce,
have
the
CI
generate
a
nonce,
then
that's
going
to
break
or
require
nots
to
be
supported
by
any
other
registry
or
a
repository
manager
that
NPM
talks
to
so
I.
Think
there's
a
couple
of
components
of
this
that
would
be
worth
discussing
just
to
see
what
the
right
scope
is.
If
we
want
to
do
this,
yeah.
E
The
real
I
put
it
in
here
it
because
I
think
it's
gonna
be
a
hard
sell.
Just
to
have
the
nonce
be
its
own
thing,
that's
done,
and
so
having
it
be
part
of
something
that
provides
user
facing
value
seemed
like
a
good
thing,
but
again
it's
potentially
breaking
change,
so
I
don't
want
it
to
hamstring
any
you
know
other
perceived
value
in
this
PRS
unnecessarily.
E
A
Well,
I
mean
the
breaking
change
sounds
like
if
you're
talking
about
like
login
with
github
and
stuff,
like
that,
but
I
think
the
what
I
am
intrigued
by
with
the
core
feature
is
the
concept
that
I
as
a
packaged
author
and
all
the
other
package
authors
that
I
depend
on
could
essentially
the
way
you
might
do
on
key
base.
You
can
essentially
like
a
search
in
a
validated
way
what
your
other
identities
are
and
then
you've
created.
C
A
Link
multiple
accounts
to
my
NPM
account
freeze
all
of
my
NPM
packages
from
only
being
trustable
when
on
NPM.
It
means
that
if
I
could
do
that,
then
get
a
package
registry,
for
example,
could
automatically
pull
my
and
PM
packages
in
and
grant.
My
github
account
appropriate
permissions
on
them
without
me
having
to
do
a
bunch
of
work
and
then
users
of
both
get
benefits.
A
It
means
if
I
publish
to
github
package
registry
github
could
just
I
could
set
that
tell
github
to
just
auto,
publish
it
to
NPM
for
me
because,
like
they
know
my
account
and
it's
secure
and
PM
knows
that
I'm,
github
and
so
on.
So
like
as
long
as
there's
a
way
as
long
as
it
leads
to
a
feature
where
that
off
data
stops
being
like,
you
said,
siloed
inside
NPM,
I
think
that's
a
massive
improvement
for
everyone.
B
G
B
E
Because
the
thing
the
thing
that
happened
with
surge
back
when
the
we
changed,
our
our
search
API,
was
that
if
you
were
using
Nexus
repository
manager,
it
was
broken
for
six
months.
You
couldn't
search
for
NPM
packages,
because
we
hadn't
really
done
a
good
job.
Looking
for
me,
the
community
that
that
change
was
coming
and
that
maybe
you
know
you
should
make
sure
that
it
was
going,
your
your
product
is
going
to
be
compatible
with
it.
B
B
We
know
will
definitely
file
something
once
once
this
is
sort
of
flushed
out
and
and
approved.
Let's
say
from
our
end,
then
we'll
we'll
make
it
more
official
awesome.
Okay,
well,
I'll,
give
folks
I
think
three
minutes
back.
If
we're
four
we're
looking
good,
then
for
today
and
appreciate
everybody
jump
it
on
I'll,
see
you
in
a
couple
weeks:
cool.