Bug#857986: marked as done (npm: package is 3 years old (consider removal?))

Wed, 18 Jul 2018 09:39:46 -0700 

Your message dated Wed, 18 Jul 2018 16:34:33 +0000
with message-id <e1ffppn-00056e...@fasolo.debian.org>
and subject line Bug#857986: fixed in npm 5.8.0+ds-1
has caused the Debian Bug report #857986,
regarding npm: package is 3 years old (consider removal?)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
857986: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857986
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: npm
Version: 1.4.21+ds-2
Severity: grave
Justification: renders package unusable

Sorry for opening such a non-standard bug report
but this page leads me to believe that the most
up-to-date version we have for this package on
Debian is from 2014 (see changelog on the menu on
the right side of the screen):

https://packages.debian.org/sid/npm

I don't see any indication anywhere that there is
a reason or justification for this.

Node.js and NPM have become standard tools for web
development and the *extremely outdated* version
proved by this package siomply doesn't work anymore.

I suggest this package be entirely removed to avoid
well-meaning users from comiong across all sorts of
bugs and errors while using npm due to a lack of update
in what has become an essential tool. If Debian maintainers
can't keep this up-to-date, this package being here
probably does more harm than good to your average
user who expects it to "Just Work". I wouldn't say this
if I didn't know for a fact that this outdated version
simply doesn't work anymore with the package.json files
that are on the NPM repository (try installing polymer,
for example: npm install -g polymer ).

Node.js provides a single package (for Node and NPM) in
their own repository. I'm not sure if any efforct can be
done to bring this package version into Debian's
repositories but if that's not possible, I believe that
having a 3-year old version is doing more harm than good
and that it is better for Debian not to offer such - and
have users install from the official repository instead
or from the website Linux download.

Repository insall instructions 
https://nodejs.org/en/download/package-manager/#debian-and-ubuntu-based-linux-distributions

Simple download from website
https://nodejs.org/en/

Again, I doubt this years-old package here is doing 
any good for most users, and I imagine it's doing more
harm since people might not even noticed their NPM tool
is extremely outdated, which will obviously lead to hard
to understand errors.


-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages npm depends on:
pn  node-abbrev               <none>
pn  node-ansi                 <none>
pn  node-ansi-color-table     <none>
pn  node-archy                <none>
pn  node-block-stream         <none>
pn  node-fstream              <none>
pn  node-fstream-ignore       <none>
pn  node-github-url-from-git  <none>
pn  node-glob                 <none>
pn  node-graceful-fs          <none>
pn  node-gyp                  <none>
pn  node-inherits             <none>
pn  node-ini                  <none>
pn  node-lockfile             <none>
pn  node-lru-cache            <none>
pn  node-minimatch            <none>
pn  node-mkdirp               <none>
pn  node-nopt                 <none>
pn  node-npmlog               <none>
pn  node-once                 <none>
pn  node-osenv                <none>
pn  node-read                 <none>
pn  node-read-package-json    <none>
pn  node-request              <none>
pn  node-retry                <none>
pn  node-rimraf               <none>
pn  node-semver               <none>
pn  node-sha                  <none>
pn  node-slide                <none>
pn  node-tar                  <none>
pn  node-underscore           <none>
pn  node-which                <none>
ii  nodejs                    7.7.3-1nodesource1~jessie1

npm recommends no packages.

npm suggests no packages.

--- End Message ---
--- Begin Message --- 
Source: npm
Source-Version: 5.8.0+ds-1

We believe that the bug you reported is fixed in the latest version of
npm, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 857...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Pirate Praveen <prav...@debian.org> (supplier of updated npm package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 18 Jul 2018 21:37:49 +0530
Source: npm
Binary: npm
Architecture: source all
Version: 5.8.0+ds-1
Distribution: experimental
Urgency: medium
Maintainer: Debian Javascript Maintainers 
<pkg-javascript-de...@lists.alioth.debian.org>
Changed-By: Pirate Praveen <prav...@debian.org>
Description:
 npm        - package manager for Node.js
Closes: 794890 857986 863963 870460
Changes:
 npm (5.8.0+ds-1) experimental; urgency=medium
 .
   [ Diane Trout ]
   * New upstream release (Closes: #870460, #863963, #794890, #857986)
 .
   [ Jérémy Lal ]
   * Switch to dh
   * Section javascript
   * Priority optional
   * Drop Jonas from uploaders because of the move to dh
   * Update Homepage url
   * Update Vcs-Browser url
   * Fix make clean
   * Override make targets
   * Temp workaround for failure with prefix/npmrc
   * Build-Depends node-tacks, node-tap for running tests
   * Build-Depends node-require-inject for tests
   * Drop ruby-ronn from build-dependencies
   * Actually call make clean
   * NPMOPTS not needed because it does not have to install modules
   * Exclude request entirely
   * Exclude node-gyp entirely
   * Fix install and noop for auto_install
   * Use repacksuffix
   * make clean can fail
   * Disable tests for now
   * Fix syntax error in watch
   * repacksuffix makes uversionmangle useless
   * Add comment for tests
   * Ignore case to remove extra license files
   * watch file syntax again
   * npm need a recent node-tar
   * Call /usr/bin/node-gyp instead of second-guess where it is
 .
   [ Pirate Praveen ]
   * add node-fs-vacuum as dependency
   * remove all .npmignore files
   * drop unique-filename, already in the archive
   * add node-unique-filename as a dependency
   * add lintian overrides
   * Reorganize doc-base structure
Checksums-Sha1:
 d43bfae246eba00a42938e6753d0acb19a9c328d 3265 npm_5.8.0+ds-1.dsc
 f75f329669441d2e96abce8766bd70f7fc667cdb 3359538 npm_5.8.0+ds.orig.tar.gz
 e47abefc0c0869acd644d19402ffa93b443fe076 18276 npm_5.8.0+ds-1.debian.tar.xz
 989bfb5e659a51de98ac7b428bb56e4614f54d37 1250828 npm_5.8.0+ds-1_all.deb
 e81637d62c2dfcbb63c845a8479220d90770813b 12938 npm_5.8.0+ds-1_amd64.buildinfo
Checksums-Sha256:
 debd9be8735fb137c2d34ecd1e2750b030f7f50aa78af119ef02a277f0789cf7 3265 
npm_5.8.0+ds-1.dsc
 8f37c13e547bcff7ed7b7c23b0efb6a1dfe645d9d1c6647320b806826c533ece 3359538 
npm_5.8.0+ds.orig.tar.gz
 d879cfc5b7303486cd5bc2b40ea0a4a31dd3dd15c27c8f2a00445a5169802254 18276 
npm_5.8.0+ds-1.debian.tar.xz
 de360b8eb2bce2129a716e42b563d378513f51e690f9104454e8cb32b432e65f 1250828 
npm_5.8.0+ds-1_all.deb
 128d591f7b95b41aaf0f71a84d615706a175e2f2a32fe9302f1c978e7004e8e5 12938 
npm_5.8.0+ds-1_amd64.buildinfo
Files:
 a2e6abcdfa0a3af3d94013a729963086 3265 javascript optional npm_5.8.0+ds-1.dsc
 6aeeec6fe4636f4bea99831d544aa36c 3359538 javascript optional 
npm_5.8.0+ds.orig.tar.gz
 ddc267da9161a7fd1137c9faee018cb0 18276 javascript optional 
npm_5.8.0+ds-1.debian.tar.xz
 9c25f59aac913b7abb1fd3ceeac9279e 1250828 javascript optional 
npm_5.8.0+ds-1_all.deb
 b4997d558abf13bd0954caa1c7cfdad4 12938 javascript optional 
npm_5.8.0+ds-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEKnl0ri/BUtd4Z9pKzh+cZ0USwioFAltPakwACgkQzh+cZ0US
wip/JhAAqy/IYztkxuxIG0YPPKhuqXDPKYReOCXTq1ZDaJnH52GVjOSY7cqgVbp5
SnAJ4kYPzJCpxv6g+o4job+2fylNCQ61z90S/VksFELuq7rlNVRjjaocKtTNFVbk
r4GLKxraiI4p74AnWsLPY9r1zqXVF45HRqFIAWGpIRSfwG9nR8mylp2q4L6GflMm
I0VzREZAtomcZxbdGJ5md2z2wG1kdfmO7dl5PkE3MIZB1ifKBnCqmmsdpwR/Qi83
4jrlODrCYMOpQ+RwjImzRQT/JiPH6/PY7Xe2CmHMuS1z5clvcdtnGxsu/52leGah
p0d5gph1LMrwjNe3lmyLN2qk7ebjNfdUNgTVkr2s+C5MjESZDunRbNN22wfqD63V
zxwxNSY4Z9RUAojH2Cz6uXVS+F/rN64pwUt9WqeC/uFcFRiBM3woQzi5RWwFeIFR
Kqvyp94aX1USEoOgOsLtXUA6BW0zjRQN9uChuxNF3xRaHG/KLNhwtCbH8z1mke/8
dBwPGrBshZJ3KjYQJnY/TD12jDTK6KwXM6Y8N5sWxIAI9U5BGEmywZ2Uk74IobMV
TnUnQiJqMoOoImOUrPjXWV+n7P9ngEcfFQVTjiZG0ZZTmUwEBoI3VCiPDNETO6he
JKMb8tAnI6h2BCn4bFGOmt1uwaqD4MkUoN9jtZDrTMbDZv2o8W4=
=T9Lg
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to