React and patternfly (or other nodejs) build requirements



I would like to package a web interface which is using a module bundler (e.g. a react hello world). Reading through NodeJS Packaging wiki and the nodejs SIG doesn’t really helped me… Well I started to automate npm spec creation for a creat-react-app demo and for the grafana webui, but this resulted in thousands of spec files and a seemingly endless dependencies nesting (e.g. webpack3 html-plugin needs a special uglify-js which needs a special loader-utils …).

Are we supposed to package each requirements independently and list them as virtual provide bundled?
Then is there a robot to trigger rebuild when a bundled dependency get updated?

Or is there a plan to have a koji plugin or something to automate packages.json build requirements? E.g. to enable using “npm install” when building package, but using a set of approved package pulled from a local registry mirror.



A lot of nodejs modules are already packaged in Fedora, so you don’t need to package everything.

That’s the ideal way.

Unfortunately, but once you get to the point of everything packaged - other applications can be packaged without creating yet another thousand of modules.

If you bundle everything, it’s only up to you to keep bundled version updated. If you packaged it separately, you don’t need to rebuild anything.


Tons of modules are unpackaged or outdated. Not only JavaScript, the same with Ruby and Go.

I’d suggest to use Flatpak, it will be faster.


Thanks for the fast replies.

Agreed, but that’s a lot of work…

Because webpack automatically bundle build-requirements, it seems like we would have to rebuild the web-interface to benefit from the update.

How flatpak solves the issue of building without internet access? I want to use proper packaging to mitigate issues related with pulling dependencies from external sources like npm registry at build time. Also, how do you know what versions are being used in the resulting flatpak?


I’m not experienced with webpack, but why can’t it simply use libraries provided by system? But even if it bundles build-dependencies, you can easily query buildrequirements and rebuild your package. freshmaker was supposed to track such cases and rebuild modules, but I didn’t hear any plans about deploying it yet.


Flatpak scripts can collect direct links of npm or another packages with their depends. The example

RPM was designed 20 years ago and just don’t care about modern technologies.


A bundled with tons of internal dependencies; It should not matter to you… example Chromiun bundles hard number of internal dependencies. The unique important is if your “web interface” uses a ffmpeg… Here a example of Atom with npm… And if someone comes with packaging rules; go to mourn elsewhere (warned). :grin:


Webpack can use libraries provided by the system. Thank you for introducing me to freshmaker, it seems like the right tool to manage bundled dependencies update.

It doesn’t seems like RPM don’t care, you’ll have the same issue with other build system. The flatpack script you reference is using prebuilt binaries, how to tell what is bundled in this flatpack? How to rebuild it if those links disappear? And how to fix a security issue, such as the one recently found in event-stream?
I would like to stick to RPM since it is a battle tested solution for these sort of issues.

I guess we have no other choices :-). It doesn’t seems too bad, at least for react and patternfly, but it is a lot of work…


freshmaker - just the third-party tool hardcoded with two another Fedora-only specific tools. I can’t call it ‘universal solution’.

Will be glad to see something like flatpak-builder-tools in “battle tested solution”. Good luck.