
<html>

  <head>

    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">

  </head>

  <body text="#000000" bgcolor="#FFFFFF">

    <div class="moz-cite-prefix">On 08/14/17 17:40, Ryan Kelly wrote:<br>

    </div>

    <blockquote type="cite"

cite="mid:CAB3n-YbXWa2doQgP6uYPO9V3dcUTi7usNv75J5UOn8o970oDbQ@mail.gmail.com">

      <div dir="ltr">

        <div class="gmail_extra">

          <div class="gmail_quote">On 15 August 2017 at 10:20, Sean

            McArthur <span dir="ltr"><<a

                href="mailto:smcarthur@mozilla.com" target="_blank"

                moz-do-not-send="true">smcarthur@mozilla.com</a>></span>

            wrote:<br>

            <blockquote class="gmail_quote" style="margin:0 0 0

              .8ex;border-left:1px #ccc solid;padding-left:1ex">

              <div dir="ltr">

                <div><br>

                </div>

                <div><b>tl;dr </b>- Let's upgrade all our stuff to

                  npm5, and remove node4 support, so we can live in the

                  bright new future!</div>

                <div><br>

                </div>

              </div>

            </blockquote>

            <div><br>

            </div>

            <div>Thanks for kicking off this discussion, Sean!  John and

              Jon, I'm particularly interested to know whether either of

              these changes would be scary from an ops/deployment

              perspective.</div>

          </div>

        </div>

      </div>

    </blockquote>

    I'm +1 on moving to npm5. The travis and circle-ci instructions

    would need to to be changed to install npm@5.<br>

    <br>

    Other things:<br>

    - there's some leftover CXX=g++-4.8 stuff that I think can be

    removed now (it was for older linux distros)<br>

    - I thought the `npm shrinkwrap` loop was known and had been fixed

    in some repos (but maybe I misremember)<br>

    - I do think there are some places/scripts that reach into

    `./node_modules/foo/node_modules/bin/bar.js`, but it just needs a

    grep-audit to discover them/any.<br>

    - (I'll mildly note that the yarn spin about npm isn't accurate, but

    I don't really care: Subresource integrity checks are the true way).<br>

    - By the way, we're also probably due to use node8, but let's do the

    cleanup for node6/npm5 now.<br>

    <br>

    John<br>

    <blockquote type="cite"

cite="mid:CAB3n-YbXWa2doQgP6uYPO9V3dcUTi7usNv75J5UOn8o970oDbQ@mail.gmail.com">

      <div dir="ltr">

        <div class="gmail_extra">

          <div class="gmail_quote">

            <div><br>

            </div>

            <div><br>

            </div>

            <div>   Cheers,</div>

            <div><br>

            </div>

            <div>     Ryan<br>

            </div>

          </div>

        </div>

      </div>

      <br>

      <fieldset class="mimeAttachmentHeader"></fieldset>

      <br>

      <pre wrap="">_______________________________________________

Dev-fxacct mailing list

<a class="moz-txt-link-abbreviated" href="mailto:Dev-fxacct@mozilla.org">Dev-fxacct@mozilla.org</a>

<a class="moz-txt-link-freetext" href="https://mail.mozilla.org/listinfo/dev-fxacct">https://mail.mozilla.org/listinfo/dev-fxacct</a>

</pre>

    </blockquote>

    <p><br>

    </p>

  </body>

</html>