
Bug 924458

Summary: net-libs/nodejs: NPM package manager is installed by default
Product: Gentoo Linux
Component: Current packages
Status: UNCONFIRMED ---
Severity: minor
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
Reporter: Vit <vitalij>
Assignee: William Hubbs <williamh>
CC: ajak, vitalij
Whiteboard:
Package list:
Runtime testing required: ---

Description Vit 2024-02-14 07:20:13 UTC
NPM package manager is installed by default with NodeJS library.

Here in /var/db/repos/gentoo/net-libs/nodejs/nodejs-99999999.ebuild:
IUSE="corepack cpu_flags_x86_sse2 debug doc +icu inspector lto +npm pax-kernel +snapshot +ssl +system-icu +system-ssl test"

npm should be without +

It is the only package manager other than Gentoo Portage that is installed by default. So why?

Reproducible: Always
Comment 1 Vit 2024-02-14 07:22:31 UTC
NodeJS is required by Mozilla Firefox www-client/firefox
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2024-02-17 03:07:40 UTC
> It is the only package manager other than Gentoo Portage that is installed by default. So why?

Discretion of the maintainer, really.

While there's some room for discussion about whether the package pulls in some extra attack surface by default, or the lack of necessity of npm, this isn't really something under the purview of Gentoo Security. Reassigning to maintainer as such.