docs: add meeting notes from 2022-04-06 call

darcyclarke · web-flow · commit 95a4e272854d · 2022-04-06T15:03:32.000-04:00
diff --git a/meetings/2022-04-06.md b/meetings/2022-04-06.md
@@ -0,0 +1,111 @@
+#### Meeting from: April 6th, 2022
+
+# Open RFC Meeting (npm)
+
+### Attendees
+- Darcy Clarke (@darcyclarke)
+- Nathan Fritz (@fritzy)
+- Ruy Adorno (@ruyadorno)
+- Jordan Harband (@ljharb)
+- Bogi Wennerstrøm (@boginw)
+- Owen Buckley (@thescientist13)
+- Caleb Everett (@everett1992)
+- Gar (@wraithgar)
+
+### Previously...
+
+- [2022-02-23](https://github.com/npm/rfcs/blob/main/meetings/2022-02-23.md)
+
+### Agenda
+
+1. **Housekeeping**
+	1. Introduction(s)
+	1. Code of Conduct Acknowledgement
+	1. Outline Intentions & Desired Outcomes
+	1. Announcements
+	    - [**v9 Roadmap**](https://github.com/npm/statusboard/issues/443)
+
+#### ℹ️ Updates:
+
+1. **Improving Output:**
+    - **Issue**: [#482 [RRFC] npm should use stderr for errors](https://github.com/npm/rfcs/issues/482) - @exx8
+    - @lukekarrys wip: streaming log file, progress bar improvements, we can take out of the agenda for now
+2. **Respecting returned registry `resolve` fields:**
+    - **PR**: [#486 Resolved registry overrides](https://github.com/npm/rfcs/pull/486) - @everett1992
+    - **PR**: [#4264 implement options affecting &#x60;resolved&#x60; value in lock files.](https://github.com/npm/cli/pull/4264) - @everett1992
+    - @fritzy `replace registry host` can be either `default` (https://registry.npmjs.org), `always` (replacing with `registry` value) or `avoid` replacing at all. ref: https://github.com/npm/pacote/pull/143
+    - @everett1992 an important feature needed is to skip storing the custom registry value back to the lockfile (interesting usecase with rotating registries)
+3. **`npm copy`:**
+    - **PR**: [#493 docs: add npm copy rfc](https://github.com/npm/rfcs/pull/493) - @everett1992
+    - https://github.com/npm/cli/pull/4082
+4. **Package Distributions:**
+    - **PR**: [#519 RFC: Package Distributions](https://github.com/npm/rfcs/pull/519) - @darcyclarke
+    - TBD: Schedule a separate call to discuss the proposal
+5. **Shared Version Specifications**:
+    - **PR**: [#528 RFC: Shared Version Specifications](https://github.com/npm/rfcs/pull/528) - @boginw
+    - https://github.com/npm/rfcs/pull/528#issuecomment-1068424777
+    - @darcyclarke a way to work around this is to use `overrides` to tie various semver ranges declared for a given package in the installed graph to a specific version of a package
+6. **Improving Workspaces:** 
+    - **Issue**: [#556 [RRFC] improving the workspaces symlinking experience](https://github.com/npm/rfcs/issues/556) - @bnb
+    - @ruyadorno
+      - this has been implemented for `npm version`
+      - can now map the same functionality to other commands (like the example, `npm init`) 
+
+#### ⭐️ New Items:
+
+#### 1. **Issue**: [#4236 BREAKING CHANGE(bin): command should not return non-existent paths](https://github.com/npm/statusboard/issues/479) - @lineus
+- @ljharb 
+  - many people abuse `npm bin`  & have put it in their path
+  - should be encouraged to use `npx`
+- @darcyclarke
+  - this has been added to the `v9` backlog of breaking changes
+- @wraithgar
+  - should we just deprecate this command? what is the use for it these days?
+
+#### 2. **Issue**: [#3806 [FEATURE] run-script with workspaces should short-circuit on script error](https://github.com/npm/cli/issues/3806) - @johndiiorio
+- @wraithgar 
+  - this was discussed previously and was a deliberate decision when we first implemented support to workspaces
+- @darcyclarke
+  - adding a `--fast-fail` or `--bail` option sounds like a reasonable decision
+
+#### 3. **Issue**: [#539 [RRFC] Security: audit lockfiles for injection](https://github.com/npm/rfcs/issues/539) - @fritzy
+- @fritzy 
+  - arguments have been made that if someone can modify files in your repo 
+- @darcyclarke
+  - could shove this check in `npm doctor` 
+
+#### 4. **PR**: [#547 add &quot;obey user specifier&quot; RFC](https://github.com/npm/rfcs/pull/547) - @ljharb
+- @ljharb 
+  - this came up because of a breakage
+  - `npm install =` resolves to `^`
+  - `npm` has always behaved this way (ie. drops all prefixes & uses the `save-prefix`)
+- @wraithgar 
+  - this is a bug
+
+#### 5. **Issue**: [#548 [RRFC] Add flag for running NPM commands in transitive dependencies](https://github.com/npm/rfcs/issues/548) - @zgriesinger
+- @zgriesinger
+  - currently use lerna for this (topological order for building)
+  - respecting dependencies and running 
+- @darcyclarke
+  - https://turborepo.org/docs/features/pipelines
+- @ljharb
+  - current tooling do not deviate from the regular dependency graph
+- @wraithgar
+  - seem weird to have these magic/special relationships when running scripts (ex. `npm test` should not, by default, run the tests of dependants)
+- @ruyadorno
+  - we've tried this awhile back with `postinstall` scripts for `.reify()`
+  - we can probably fix
+
+#### 6. **Issue**: [#549 [RRFC] support different &#x60;--before&#x60; policy per package prefix/pattern](https://github.com/npm/rfcs/issues/549) - @osher
+
+#### 7. **Issue**: [#559 [RRFC] expanding behavior of &#x60;--before&#x60; to support date adjustment and setting via config](https://github.com/npm/rfcs/issues/559) - @MylesBorins
+
+#### 8. **Issue**: [#4558 [BUG] Cannot work on FAT32 USB drive](https://github.com/npm/cli/issues/4558) - @szatanjl
+
+#### 9. **PR**: [#564 RFC: Dependency Selector Syntax &amp; &#x60;npm query&#x60;](https://github.com/npm/rfcs/pull/564) - @darcyclarke
+
+#### 10. **PR**: [#566 RFC: Command Specific Configuration](https://github.com/npm/rfcs/pull/566) - @darcyclarke
+
+#### 11. **PR**: [#550 RFC: Improve signature verification](https://github.com/npm/rfcs/pull/550) - @feelepxyz
+
+#### 12. **Issue**: [#546 [RRFC] Clean up file ownership story](https://github.com/npm/rfcs/issues/546) - @ruyadorno
