caxa 2.0.0 postinstall never run properly
SOVLOOKUP opened this issue · 13 comments
postinstall never run: https://github.com/leafac/caxa/releases/download/v${package.version}/${stubName}
Does this repo have any release? and... for some reasons, github cannot be connected in some times in china.
Thanks for the report. Can you help me reproduce the problem?
- What errors happened?
- What version of Node.js are you using?
- What version of npm are you using?
- What happens if you try to run the
postinstall.jsscript by hand?
This repository does have releases, for example, https://github.com/leafac/caxa/releases/tag/v2.0.0
There are other packages that also depend on downloading stuff from GitHub on postinstall, for example, https://github.com/JoshuaWise/better-sqlite3. Do you know what is the general solution for these packages to work in China?
If it helps, I am aware that npm scripts including postinstall will be skipped if the npm install command is executed under the root user account, unless the --unsafe-perm option is used. If this is the case, a workaround would be:
$ whoami
root
$ npm install --save-dev --unsafe-perm caxa
Thanks for the report. Can you help me reproduce the problem?
- What errors happened?
- What version of Node.js are you using?
- What version of npm are you using?
- What happens if you try to run the
postinstall.jsscript by hand?This repository does have releases, for example, https://github.com/leafac/caxa/releases/tag/v2.0.0
There are other packages that also depend on downloading stuff from GitHub on postinstall, for example, https://github.com/JoshuaWise/better-sqlite3. Do you know what is the general solution for these packages to work in China?
#28 This PR can make postinstall use CDN automatically when the network is not smooth.
The CDN from: https://doc.fastgit.org/en-gb/guide.html#download-releases-or-source-code-archives
If it helps, I am aware that npm scripts including
postinstallwill be skipped if thenpm installcommand is executed under therootuser account, unless the--unsafe-permoption is used. If this is the case, a workaround would be:$ whoami root $ npm install --save-dev --unsafe-perm caxa
Ohh, that’s very bad. I’m inclined to just put the stubs in the npm package. It’s only ~20MB anyway, and only developers would have to download them (not the users of the binaries produced by caxa).
@maxb2, @pdcastro, @fcastilloec: Thoughts?
I'm ok with having caxa including all stubs. I know people don't like the excess of storage, but nowadays, most npm packages are pretty big. Also, caxa will always be a developer dependency unless you're actually developing caxa, in which case you won't install it through npm anyway. Besides, any size increase in caxa will never be reflected in your final project.
Changing the Github Action to include all stubs is a straightforward change, nothing complicated.
Last, if people in China sometimes have problems downloading from GitHub, what are the chances that they will also have problems downloading from npm? Because if the problem exists on both platforms, moving the stubs from one to the other won't do much in solving this. I don't know much about what has restrictions in China, hopefully, somebody more knowledgeable can chime in.
Thanks for the input!
I don’t know much either, but appears that there are mirrors of npm that are accessible in China (for example, https://npm.taobao.org). If that’s the case, then moving the stubs to npm will solve the issue. At the very least it’s one moving part less for our Chinese users to worry about.
If it helps, I am aware that npm scripts including
postinstallwill be skipped if thenpm installcommand is executed under therootuser account, unless the--unsafe-permoption is used. If this is the case, a workaround would be:$ whoami root $ npm install --save-dev --unsafe-perm caxaOhh, that’s very bad. I’m inclined to just put the stubs in the npm package. It’s only ~20MB anyway, and only developers would have to download them (not the users of the binaries produced by caxa).
@maxb2, @pdcastro, @fcastilloec: Thoughts?
This is a general problem when running npm as root, not specific to caxa. Whenever I'm using a docker container to run node (runs as root), I include the file .npmrc with the contents unsafe-perm = true. Then all npm commands run as expected. See this Dockerfile.
Last, if people in China sometimes have problems downloading from GitHub, what are the chances that they will also have problems downloading from npm? Because if the problem exists on both platforms, moving the stubs from one to the other won't do much in solving this. I don't know much about what has restrictions in China, hopefully, somebody more knowledgeable can chime in.
I don’t know much either, but appears that there are mirrors of npm that are accessible in China (for example, https://npm.taobao.org). If that’s the case, then moving the stubs to npm will solve the issue. At the very least it’s one moving part less for our Chinese users to worry about.
Moving the stubs to npm is a good idea, because of the mirror https://npm.taobao.org npm can be used stably in China.
github cannot be connected in some times in china
I’m inclined to just put the stubs in the npm package. [...] Thoughts?
if people in China sometimes have problems downloading from GitHub, what are the chances that they will also have problems downloading from npm?
Moving the stubs to npm is a good idea, because of the mirror https://npm.taobao.org npm can be used stably in China.
I've just tried accessing https://npm.taobao.org and got an error/info page that says NPM镜像站升级中,敬请期待!, which appears to translate as "NPM mirror station is being upgraded, so stay tuned!". If that's the reliable alternative to the GitHub releases page, then, well, ouch. :-)
Ideally, it wouldn't be for open source package maintainers to worry about hosting alternatives to GitHub and npm to get around the Great Firewall of China. Microsoft bought GitHub who bought npm, so it should be a matter of the CEO of Microsoft sitting at the table with the relevant Chinese authorities and coming to an understanding. :-) Maybe Microsoft should create a GitHub mirror in China using their Azure operations there: https://docs.microsoft.com/en-us/azure/china/overview-operations
I see that PR #28 adds the ability of selecting mirrors for caxa. From the little I know, that's what could actually help: having the data hosted / mirrored geographically within China mainland. Replacing GitHub with some other hosting provider outside China (like npmjs.com) would not be enough.
I've just tried accessing https://npm.taobao.org and got an error/info page that says NPM镜像站升级中,敬请期待!, which appears to translate as "NPM mirror station is being upgraded, so stay tuned!". If that's the reliable alternative to the GitHub releases page, then, well, ouch. :-)
Sometimes translation is really confusing...
The page:
NPM镜像站升级中,敬请期待!
源服务正常(http://r.npm.taobao.org/)
Actually says ->
NPM mirror station is working fine in http://r.npm.taobao.org/
The appearance of homepage is being upgraded, stay tuned!
Ideally, it wouldn't be for open source package maintainers to worry about hosting alternatives to GitHub and npm to get around the Great Firewall of China. Microsoft bought GitHub who bought npm, so it should be a matter of the CEO of Microsoft sitting at the table with the relevant Chinese authorities and coming to an understanding. :-) Maybe Microsoft should create a GitHub mirror in China using their Azure operations there: https://docs.microsoft.com/en-us/azure/china/overview-operations
Github does urgently need a stable Chinese mirror, but the capitalists may say that this is not profitable so they can solve it by themselves😒@microsoft
I see that PR #28 adds the ability of selecting mirrors for . From the little I know, that's what could actually help: having the data hosted / mirrored geographically within China mainland. Replacing GitHub with some other hosting provider outside China (like ) would not be enough.caxanpmjs.com
after rethinking the solutions, I think use npm to host stubs maybe a better idea, its more stable and convenient. Because almost everyone in china uses cnpm which is a alternative npm using Taobao source as default.
Thank you for all the valuable information. I’ll work on this as part of the v2.1.0 release next week.
caxa@2.1 is out and the stubs are shipped in the npm package—the postinstall script is not longer used. Please let me know how it works for you.
caxa@2.1 is out and the stubs are shipped in the npm package—the
postinstallscript is not longer used. Please let me know how it works for you.
it works, thanks~