docs: git repos require a package.json about cli HOT 4 CLOSED

New feature suggestions usually start at https://github.com/npm/feedback/discussions then make their way to https://github.com/npm/rfcs

from cli.

To me, the docs are pretty clear! The docs for npm install explicitly say:

A package is:

• a) a folder containing a program described by a package.json file
• b) a gzipped tarball containing (a)
• c) a url that resolves to (b)
• d) a <name>@<version> that is published on the registry (see registry) with (c)
• e) a <name>@<tag> (see npm dist-tag) that points to (d)
• f) a <name> that has a "latest" tag satisfying (e)
• g) a <git remote url> that resolves to (a)

From (g), it is implied that a <git remote url> should resolve to a folder containing a program described by a package.json file.

Also,

Surely that's silly that npm is cluttered with people creating worthlessly-forked packages of a commonly used library, just to work-around lack of a package.json.

This argument is a red herring and has nothing to do with your feature suggestion.

@wraithgar should relabel this issue as Wontfix and close IMHO.

from cli.

Yes the docs should be updated. There isn't likely to be any way to do this without a package.json. That assumption is pretty deeply baked into a lot of npm, and that package.json needs to have a name and version in it. Also, auto-generating would require a TON of guessing, which is something we are trying to move away from in npm. Guessing what the user wanted will never be as useful as making them be explicit.

Also, in the future please use the issue template. It was only by accident that I saw this issue. Normally this would slip through the cracks because it is missing the tags and info that our issue template adds.

from cli.

in the future please use the issue template

Apologies.

I skipped the template because it wasn't clear to me that "Bug/Issue" was the right place for discussion and/or feature request. Is that the template I should have used in such a case? If not, perhaps a dedicated template for feature requests or discussions would be helpful.

There isn't likely to be any way to do this without a package.json

Sure, that is totally reasonable. Node requires it, too. There needs to be one, no question. But where it comes from is the nuance of the rest of this message/thread.

auto-generating would require a TON of guessing

Hmm, not to be argumentative, but I don't see this as much guessing in this case. You know what name to use because it's the name of the git repo they cloned. And if repo name isn't unique enough, surely "[github username]-[github repo name]" (like "davidshimjs-qrcodejs" above) would be, right?

And my code snippet above suggested 0.0.[iso8601-numeric-timestamp] as version number, like 0.0.20240324190100 above, with the timestamp being the moment it was installed.

If name and version are the only required fields, is that really too much "guessing" in this narrow context?

I certainly understand NOT guessing any other meta data, and the general aversion to guessing. But I felt this was a pretty narrow case to warrant me making the suggestion.

Guessing what the user wanted will never be as useful as making them be explicit.

In general, sure.

The exception to this is packages like the one I linked, which sadly don't have a package.json (so they can't be explicit), haven't been touched in almost a decade (and are likely to never get touched again, given the lack of issues triage), but are popular enough that literally a dozen other people have self published their own packages that do nothing but fork that repo and add a package.json file just to publish.

Surely that's silly that npm is cluttered with people creating worthlessly-forked packages of a commonly used library, just to work-around lack of a package.json.

In the case where we can't get the original author to be explicit, I am just wondering if a tad bit of narrow guessing can be warranted?

I also want to stress that my suggestion for this auto-generation is purely opt-in via flag and/or metadata. So the user installing such a git repo tries npm install and that fails because of the missing package.json... then they add the --auto-package-json flag or whatever, to explicitly ask npm to do that minimal amount of guessing.

That seems like it would be narrow enough to be safe. No?

from cli.