On 05/02/2024 13:15, Havard Eidnes wrote:
* Does pip3 or pnpm duplicate some of the functionality of
pkgsrc, such as dependency tracking? Do they have operations
corresponding to "pkgin fug"? I suspect they are covering
parts of what pkgsrc is or does, but not all. And for a
partial coverage, the admin now has to relate to multiple
packaging systems, which increases admin complexity.
My suspcion is that with these other installation methods, there's a fair chance you'll miss out on several of these.
Pip and npm both do depedency management.Pnpm and all the other javascript package manages have the ability to upgrade packages and audit for security. The upgrade mechanism is quite sophisticated and is based on version scope definitions in package.json.
Pip can also do upgrade. With pip you can put version restrictions on the command line or in a configuration file.
One thing to consider is that certainly for pip/pnpm the scope of upgrade is not usually the system or even the user home directory due to the potential for conflicting depedendency requirements. Instead each node system has its own local package installation set.
The recommended best practice for pip is to create a virtual environment for each python application. The normal global scope is the user home directory. Again virtual environment is the recommended practice because of conflicting dependency requirements between different python applications.
For npm the normal scope is a single javascript application in a directory. There may be a few globally installed things like pnpm itself. The normal 'global' scope is the user home directory. This restricted scope is quite intentional as if you are working on different things they might all have different version dependencies.
So based on this having python pkgsrc packages is useful for system installed python things. Even then many people would just install them using pip install into their home directory.
Same is probably true for pnpm but system wide installations for anything node based is unusual apart from the various package managers (yarn, npm, pnpm). A per user or even per directory install is much more common. I do have one npm based thing installed on one of my systems but that is a directory based installation with package.json to ensure that the packages use align with those used during development and testing.
The node world is moving away from system wide package manager installation. npm will be there as its part of the node distribution but all the others are now often loaded into each node environment using definitions in package.json to ensure that the correct version for that setup is in use. Its still experimental at the moment but that's the way things are flowing.
Mike