[Feature] Ship to NPM and other registries with flag?

[j-mendez]

Is this crate set to be the center to take the shipping process for other package registries with the correct way to start the binaries?

If so, there is this project rust-to-npm that has the option to handle Rust/cargo -> Node/npm. I think adding this could benefit CLIs.

[ashleygwilliams]

this is how i've done it in the past: https://github.com/rustwasm/wasm-pack/tree/master/npm which is sorta similar to rust-to-npm. definitely on the roadmap!

[bakkot]

rust-to-npm relies on the user building the binary, which is a lot to ask. Another way of doing it, which as far as I know was pioneered by esbuild, is to publish a separate package for each supported platform/architecture, and then a package which relies on each of those packages with optionalDependencies and which has a small shim which finds and executes the appropriate one. npm will pick the appropriate package from the optionalDependencies and install only that one.

There's a writeup of the approach here. I've used it myself in this project so people with node already installed can send/receive files with npx magic-wormhole, and can confirm the experience is quite nice.

A nice touch is to have the main package have a postinstall script which replaces the shim with the actual binary, so that subsequent invocations can skip the shim. You could also put that code in the shim itself and do without the postinstall, I imagine.

People do a similar trick in Python, though Python wheels let you specify different files for different platforms directly instead of needing separate packages.

[j-mendez]

@bakkot I agree on the above, I think Rust-to-npm is still a valid entry for certain groups on security aspects requiring the files to compile instead of trusting a binary.

[Gankra]

The version ashley proposed will be shipping in 0.0.6 ~today

• Npm installer #210
• feat: support keywords in npm installer #228
• fix(npm-installer): Update binary.js to respect suppressLog passed from run.js #224
• https://opensource.axo.dev/cargo-dist/book/installers.html#npm (docs will only go live when we cut the release)

[j-mendez]

@Gankra looks good! I noticed theres not a uninstall file set for removing the binary.

[Gankra]

Do you have examples/requirements for that? I don't think I've ever seen someone use uninstall.

[j-mendez]

@Gankra the uninstall script is triggered when a package is removed like npm uninstall package_name. It is useful for removing extra deps or in this case the bin. The example for rust-to-npm project can show the usage.

[ashleygwilliams]

@j-mendez the implementation we went with (which i've used before) handles the clean up :) you can test yourself using the @axodotdev/cargodist pkg or here's a log from my terminal:

ag_dubs@Ashleys-MBP-2 npmtest % npm install @axodotdev/cargodisttest

added 34 packages, and audited 35 packages in 2s

4 packages are looking for funding
  run `npm fund` for details

found 0 vulnerabilities
ag_dubs@Ashleys-MBP-2 npmtest % ls node_modules/.bin
cargodisttest
ag_dubs@Ashleys-MBP-2 npmtest % npm uninstall @axodotdev/cargodisttest

removed 34 packages, and audited 1 package in 132ms

found 0 vulnerabilities
ag_dubs@Ashleys-MBP-2 npmtest % ls node_modules/.bin
ag_dubs@Ashleys-MBP-2 npmtest %

[j-mendez]

@ashleygwilliams lovely! I am about to add a section towards the other project highlighting the differences so people can be directed to the right project. Big fan of having the option to execute from node simply from the binary installation without having to rebuild on the machine. Thanks again!

[ashleygwilliams]

@j-mendez that's rad! thanks so much and of course- if you run into anything please don't hesitate to open up a new issue, even if its just a question :)