Skip to content

Instantly share code, notes, and snippets.

@ryanflorence

ryanflorence/package.json.md

Last active December 23, 2015 02:29
Show Gist options
  • Save ryanflorence/6567339 to your computer and use it in GitHub Desktop.
Save ryanflorence/6567339 to your computer and use it in GitHub Desktop.
Download ZIP
Lets make a better package.json
Raw
package.json.md

A better package.json

Right now everybody seems to be creating their own .json.

Here are the reasons I think it happens:

  1. node dependencies may be different than browser dependencies
  2. node main.js may be different than browser main.js
  3. {project} {something} may be different than {project2} {something2}
  4. {not-npm} feels like it has to be a parasite in an npm-centric package.json

I think #4 is the big one.

If there are other reasons, please let me know.

I'd like to stop doing this, and I think everybody else would too.

Here's how it could work:

Everybody, including npm, can use a namespace in package.json to override the primary values.

As I understand it, this is how volo, browserify and jam already do things, so lets consider two other popular javascript package managers. (Yes, I know browserify is not a package manager, but it is related to this problem.)

A package.json with bower being the primary target might look like:

{
  "name": "tophat",
  "version": "1.0.2",
  "description": "you know you look best in a tophat",
  "main": "tophat.js",
  "dependencies": {
    "es5-shim": "1.0.0"
  },
  "npm": {
    "version": "0.2.1",
    "dependencies": {}
  }
}

Bower would install es5-shim but npm would not because it doesn't need it. Additionally, npm gets a pre-release version number because maybe node support is still in development.

Finally, insofar as bower, jam, and volo share the same config, you only need to override for npm.

A package that targets npm first could look something like:

{
  "name": "corsette",
  "description": "you know you look best in a corsette",
  "main": "index.js",
  "bower": {
    "main": "corsette-browser.js"
  }
}

This approach of embedded, overridable package manager configs allows

  1. any package manager to "own" the package.json
  2. any other package manager to override the "owner" config
  3. authors to stop repeating themselves

Having 5 different .json files in a project may seem like no big deal, but it is causing friction with some, which means managing JavaScript dependencies is harder than it should be. I think this is a solvable problem. Lets make things simpler.

@guilhermeaiolfi
Copy link

"namespacing" everything else but npm seems the way to go. Trying to change everyones package.json format is not going to work if we are targeting a relative short time for it to be usable.

@ryanflorence
Copy link
Author

Trying to change everyones package.json format

@guilhermeaiolfi "everyone" is package authors or package managers?

If authors, npm-targeted package.json will continue to work just fine w/o modification.

If package managers, that's the point of this thread, to see what the interest is. If it turns out that npm says, no, "we'd like to continue to keep a monopoly on package.json" then I guess that's that. But I think npm should be mindful of the larger ecosystem, and I have a feeling the powers-that-be are getting more sympathetic to this.

@rauchg
Copy link

rauchg commented Sep 15, 2013

The problem with your package.json with the npm namespace is that it's not clear at all that the file is targeting the bower registry. If I come to your repo and I see that package.json, I don't understand what package manager you're using. And worse yet, most people will think you're just using npm.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment