chore: add meeting notes

Author: ruyadorno

meetings/2020-07-22.md

@@ -0,0 +1,74 @@
+#### Meeting from: July 22nd, 2020
+
+# Open RFC Meeting (npm)
+
+### Attendees
+- Darcy Clarke (@darcyclarke)
+- Christian Siebmanns (@christian24)
+- Ruy Adorno (@ruyadorno)
+- Isaac Z. Schlueter (@isaacs)
+- Claudia Hernández (@claudiahdz)
+- Lukas Spieß (@lumaxis)
+- Wes Todd (@wesleytodd)
+- Zbyszek Tenerowicz (@naugtur)
+
+### Agenda
+1. **Housekeeping**
+	1. Introduction(s)
+	1. Code of Conduct Acknowledgement
+	1. Outline Intentions & Desired Outcomes
+	1. Announcements
+1. **PR**: [#165 RFC for parent package.json](https://github.com/npm/rfcs/pull/165) - @Christian24
+1. **Issue**: [#160 [Poll] Preference on how to filter workspaces](https://github.com/npm/rfcs/issues/160) - @ruyadorno
+1. **PR**: [#150 RFC: Add file+pack dependency protocol](https://github.com/npm/rfcs/pull/150) - @RecuencoJones
+1. **PR**: [#129 RFC: overrides](https://github.com/npm/rfcs/pull/129) - @isaacs
+1. **PR**: [#126 RFC: Adding types information to the Package JSON in the  registry](https://github.com/npm/rfcs/pull/126) - @orta
+1. **PR**: [#117 RFC: npm workspaces - Running Commands](https://github.com/npm/rfcs/pull/117) - @ruyadorno
+1. **PR**: [#114 RFC: Expand list of ignored files](https://github.com/npm/rfcs/pull/114) - @ruyadorno
+1. **PR**: [#96 RFC: Add publish confirmation prompt](https://github.com/npm/rfcs/pull/96) - @ruyadorno
+1. **PR**: [#18 npm audit resolve](https://github.com/npm/rfcs/pull/18) - @naugtur
+1. **PR**: [#185 Add ability to skip script hooks](https://github.com/npm/rfcs/pull/185) - @lumaxis 
+1. **PR**: [#182 RFC: npm audit licenses](https://github.com/npm/rfcs/pull/182) - @bnb
+
+### Notes
+
+### Parent package.json
+- Problem description: managing multiple packages, would be great to reuse info across these
+- might be a very difficult problem to solve due to the complexities of the JavaScript ecosystem
+- workspaces in npm7 could also open up more possibilities (maybe challenges?)
+- implementation ideas:
+  - no package.json extension at install time
+  - disallow publishing of extensions keys to the registry
+  - [read-package-json](https://github.com/npm/read-package-json) / [read-package-json-fast](https://github.com/npm/read-package-json-fast)
+  - add logic to merge package.json during pack tarball time
+  - we could ship it in a v7-minor release
+  - need research to land in the exact key to use in package.json
+  - TS currently uses "extends"
+- if we allow users to extend from published versions in the registry it gets way harder to build the ideal install tree (might need to add read-package-json as a pacote dep, etc)
+- should it be a ref to published package or to a file?
+- limiting consumption to exclude git-specs already simplifies by a lot the surface for end consumers that would not have to deal how package authors publish tags, etc
+- def have some details to be figured out
+
+### Preference on how to filter workspaces
+- Let's document the results in the RFC
+
+### Add publish confirmation prompt
+- RFC ratified :+1: 
+
+### Audit resolve
+- @naugtur updated the RFC and updated JSON Schema
+
+### Add ability to skip script hooks
+- Fix to strange behavior of `--ignore-scripts` in `npm run-script`
+- When running `npm test --ignore-scripts` it's more intuitive to skip `pretest` and `posttest`
+- Could it be tweaked to ignore specific lifecycle (e.g `postinstall`) when running `npm install`?
+  - ref: https://npm.community/t/add-ignore-script-scripts/4169/18
+  - That should be a diff RFC/discussion
+- RFC ratified :+1: 
+
+### npm audit licenses
+- license checker built into npm cli itself
+- command: `npm audit license`
+- might interact with the audit resolve proposal on how to block/ignore/allow results
+- should be part of the default `audit`, some niceties like having results at install time
+- missing a better control at level, since some of the problems might not have a solution, same as current `audit` implementation (are probably going to be better once audit resolve is available)