I'm interested in maintaining this package

[chrisalley]

Hi @johno,

Chris Alley, author of the Pundit Matchers gem here. I'm a TypeScript developer who is reviewing options for creating "Pundit for JavaScript" that would be used in at least one production application. Rather than creating more fragmentation on npm, I'm interested in adopting or helping to maintain this package.

Some ideas that I have to improve the project include:

• Modernise development dependencies (in progress)
• Add React tests (in progress)
• Add further tests for policy.ts
• Host the repo on the Pundit Community GitHub organisation, with multiple maintainers who can come and go.
• Split the React code into a seperate package, for example @pundit/react. This would give us the option to create other integrations for Svelte, Vue, etc without increasing the size of the package.
• Convert the project to a monorepo, for example managed via pnpm workspaces.
• Create Jest/Vitest matchers, similar to Pundit Matchers.
• Investigate recreating other parts of Pundit (policy scopes, permitted attributes).
• Investigate alternative policy syntax using class methods for policy actions.

Please let me know what your thoughts are. Would this be a welcome future for the project, or better suited to a seperate project?

[johno]

Hey Chris, that all sounds great to me. I'll add you as an owner to the repo now.

I had plans to revive this puppy sometime in the next couple months since I have a production need as well, so the timing is great!

[chrisalley]

That sounds good, John. Likewise, I've invited you to become an owner of the punditcommunity organisation.

My username on npm is chrisalley. The pundit npm organisation was already taken, however it contains 0 packages. I've submitted a request to npm to see if they can transfer the ownership, although they've informed me that there may be some time before the ticket is actioned.

[chrisalley]

I haven't heard back from npm regarding the pundit npm organisation, however they did communicate there could be "significant wait times of up to multiple months". Once I've implemented #43 and #44 the featureset and test coverage should be good enough for me to start using this package in a React project. We can move to multiple packages as a later change.

I suggest we call the project Pundit.js in a formal context to differentiate it from the Ruby gem, while keeping the package name as pundit (similar to Ember's naming approach). If you're happy to do so, you could move the GitHub repo to pundit-community/pundit.js and add me as a maintainer of the package on npm. We have one other owner of the community organisation, @tagliala, who has contributed significantly to the Pundit Matchers gem.

[johno]

Works for me! I'd also add that I'd like to get publishing set up in an automated fashion, likely by changesets or something similar (#39). Btw, what's your npm username?

Will move the repo over now.

[chrisalley]

I’m chrisalley on npm.

[johno]

Added!

[chrisalley]

Hi @johno, it looks as if I haven't been granted permission on npm to publish the package. Can you please double check the permissions?

When I run npm publish I see the following after logging in:

npm ERR! code E403
npm ERR! 403 403 Forbidden - PUT https://registry.npmjs.org/pundit - You do not have permission to publish "pundit". > Are you logged in as the correct user?
npm ERR! 403 In most cases, you or one of your dependencies are requesting
npm ERR! 403 a package version that is forbidden by your security policy, or
npm ERR! 403 on a server you do not have access to.

[chrisalley]

To get the ball rolling I've published version 0.2.0 under the pundit-js package. I'll test this out on a project in the coming weeks.

I mentioned in my original post that it was my preference not to create fragmentation by forking the project, so please let me know if you're interested in sharing the pundit package. Otherwise I'll maintain pundit-js as a fork. In either case, I appreciate the initial work and code reviews.

[johno]

My bad, I thought I added you?! 🤔

❯ npm owner add chrisalley pundit
npm notice INFO: User chrisalley invited to package pundit successfully.
+ chrisalley (pundit)

You should now have owner access to pundit!

[chrisalley]

v0.2.0 has now been successfully published to the pundit package. 🥳

Thanks for sending the invite again. It looks like these invite emails from npm have been going into my junk folder and expire after 1 week.

[chrisalley]

@johno GitHub has now transferred ownership of the pundit organisation on npm to my account. I've sent you an invite to join the organisation.

I'll look into splitting out the React code into a seperate package under the pundit organisation (@pundit/react).

[chrisalley]

The invite I sent you for the pundit npm organisation expired @johno, so I've just sent another one. I believe they expire after 1 week.

[ngouy]

let's go guys
Comming from ruby to now doing js full time (nestJS) it's astonishing how things are complicated for no reason for authorization
We need this

If you are looking for help, I might have a few hours per month to give

[chrisalley]

Hi @ngouy, thanks for the offer. I think the initial React implementation is mostly there and my intent is to iron out any remaining issues and then split the React code into a seperate package. It would be great to get some perspective on using this from a NestJS perspective. What framework you using for the frontend?