924458 – net-libs/nodejs: NPM package manager is installed by default

Bug 924458 - net-libs/nodejs: NPM package manager is installed by default

Summary: net-libs/nodejs: NPM package manager is installed by default

Status:	UNCONFIRMED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal minor (vote)
Assignee:	William Hubbs

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2024-02-14 07:20 UTC by Vit
Modified:	2024-02-17 03:07 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Vit 2024-02-14 07:20:13 UTC

NPM package manager is installed by default with NodeJS library.

Here in  /var/db/repos/gentoo/net-libs/nodejs/nodejs-99999999.ebuild: 
IUSE="corepack cpu_flags_x86_sse2 debug doc +icu inspector lto +npm pax-kernel +snapshot +ssl +system-icu +system-ssl test"

npm should be without +

It is the only one package manager except of Gentoo Portage that is installed by default. So why?

Reproducible: Always

Comment 1 Vit 2024-02-14 07:22:31 UTC

NodeJS is required by Mozilla Firefox www-client/firefox

Comment 2 John Helmert III archtester

2024-02-17 03:07:40 UTC

> It is the only one package manager except of Gentoo Portage that is installed by default. So why?

Discretion of the maintainer, really.

While there's some room for discussion about whether the package pulls in some extra attack surface by default, or the lack of necessity of npm, this isn't really something under the purview of Gentoo Security. Reassigning to maintainer as such.