Open RFC Meeting - Wednesday, June 16, 2021, 2:00 PM EST

[darcyclarke]

Why?

In our ongoing efforts to better listen to & collaborate with the community, we've started an Open RFC call that helps to move conversations & initiatives forward.

When?

Wednesday, June 16, 2021, 2:00 PM EST

Cadence:
This meeting is scheduled to take place weekly. Previous meeting agendas and notes can be found here

Add to your Calendar:
You follow this & find other npm events by using our public events calendar

• gCal: https://calendar.google.com/calendar/embed?src=npmjs.com_oonluqt8oftrt0vmgrfbg6q6go%40group.calendar.google.com
• iCal: https://calendar.google.com/calendar/ical/npmjs.com_oonluqt8oftrt0vmgrfbg6q6go%40group.calendar.google.com/public/basic.ics

What?

All discussions surrounding RFCs are covered by the npm Code of Conduct. Please keep conversations constructive, civil & be mindful of when others are speaking. As is tradition, "raise your hand" when requesting to comment on a topic or request to comment asynchronously within the chat. The npm team may, at its own discretion, moderate, mute &/or remove a person from an Open RFC call for any reason.

Agenda

1. Housekeeping
   1. Introduction(s)
   2. Code of Conduct Acknowledgement
   3. Outline Intentions & Desired Outcomes
   4. Announcements
2. Clean up of historically ratified RFCs
   • Determine what items should be moved to withdrawn & the corresponding amendment
3. Check-in / Progress on Action Items
   • Quick updates on &/or additions to tracking work items
4. Issue: #398 [RRFC] Top-level command to manage package.json - @ruyadorno
5. Issue: #390 [RRFC] npm publish should fail when the files is misconfig in package.json
6. PR: #375 Define which dependencies are shared among workspace projects - @isaacs
7. PR: #343 RFC: npm workspaces: auto switch context based on cwd - @ruyadorno
8. PR: #336 RFC for `where` config parameter - @nlf
9. PR: #392 RFC: group outdated packages by dependency type - @thiagodp
10. PR: #386 RFC: Add check-installed-peers - @Roaders
11. PR: #3397 - feat(config): add in-range to npm outdated

Tracking Work / Action Items

Issue: #395 [RRFC] Promote `npm add` to a top-level command

• @ruyadorno to turn this into an actual RFC

Issue: #371 [RRFC] npm-audit-resolver next-steps

• @naugtur to make a PR (or issue) against arborist's audit report to indicate direct dependencies in output
• @naugtur to investigate npm explain --json as means to figure out if a vulnerable path is a dev/optional/bundled dependency
• @naugtur to create an issue against the CLI to to show the diff information that Arborist provides (@isaacs: should probably always show if --dry-run)

PR: #182 RFC: npm audit licenses

• @ruyadorno & @bnb to sync & work on initial work / POC

How?

Join Zoom Meeting
https://github.zoom.us/j/94543839461?pwd=S0lwYytLd2tlMVBxTlJGbE5QQlhGUT09

Watch the livestream
https://www.youtube.com/channel/UCK71Wk0I45SLTSXQA23GdIw/videos

Invitees

Please use the following emoji reactions to indicate your availability.

• 👍 - Attending
• 👎 - Not attending
• 😕 - Not sure

[naugtur]

My status:
Dug up arborist, didn't make much progress, didn't spend a lot of time either.

Optionally, I could use is a tip where to look for info that lets me figure out if an item is a direct dependency. I don't see any obvious candidates in fields in the collection.

[darcyclarke]

• Meeting Notes: https://github.com/npm/rfcs/blob/latest/meetings/2021-06-16.md
• Video Recording: https://youtu.be/N6cEmHKPRfo