Rationale for elm's packager

Is there anywhere I can find a rationale behind the design of elm’s package manager? For example, why does it impose Github? Why does it try to connect to the package server even when the packages have already been downloaded?
Any information on this would be greatly appreciated, thanks!

1 Like

“For example” - does it mean you have more?

For GitHub it was already answered some place by the creator. Package names are same as account-name/project-name. Everyone uses GH so why not? Otherwise, package names would have to include source names? I believe some choices are made because it’s best to verify ideas, then expand. Anyway, you can develop your own package manager. I remember at least one alternative other, e.g. elm-github-install.

As for connecting the server, I could only guess or read the code. I don’t want to be rude but it’s open-sourced. First find out what is it doing, then ask for rationale. It may be you won’t ask anymore.

I suggest you to find out what it is doing, describe all your doubts here and tell us why you think it is bad, if that is so. That could open some discussion. I believe not many know the current state of packager internals so we don’t know what to be judge for, exactly.

2 Likes

Thank you for replying!

Sure:

  • Why does the package manager require an internet connection?
  • Are there any plans to allow private repositories?
  • Is it feasible to disable checks when all packages have already been downloaded?

I would be very interested if you could provide me with a link!

Well, I’m not so sure about that: I’m using Elm at work and although we do use Github on our open-sourced projects, our private ones are hosted on our own servers (the defense industry is notoriously reluctant to put its code on a cloud). It’s just a very unusual choice to tie a package manager to a commercial vendor (even more so now it has been acquired by Microsoft) and no amount of digging in the source code can tell me why this choice was made.

elm-github-install has not been upgraded to work with Elm 0.19 and will probably never be (cf. https://github.com/gdotdesign/elm-github-install/issues/62). I’m unlikely to be more successful writing my own package manager. Currently, we put our elm-stuff directory under version control (which poses all sorts of headaches, but at least I can compile without an internet connection, most of the time).

Yes, it is open-source. However, the code does not contain the design decisions. For example this line in the source code tells me we are necessarily uploading to Github, but it does not tell me why.

I believe I have done that: what is missing? As for my doubts, well here goes:

  • Requiring an Internet connection means we cannot build offline and slows down the build when running unnecessary checks (if the packages have already been downloaded)
  • Relying on a single vendor (Github) gives that vendor a huge weight and means we need to store our repositories in the US if we wish to make our own packages
  • Relying on git itself is not necessary and means we cannot use artifact repositories (eg. Nexus or Maven)

I believe not many know the current state of packager internals

Indeed: for example, this file has only one contributor.

I’m just trying to understand why the nature of Elm imposes those choices. I’m not trying to undermine the work that has been done, just trying to understand what the reasoning behind the package manager is.

5 Likes

I think it has probably more todo with a limited amount of ressource (dev/time) available around this tool.
A more configurable dependency manager around those aspects would be a blessing.

4 Likes

Ok, that makes sense: thanks!

I guess imposing github was due to the time, when it was decided. Gitlab wasn’t really around back then for e.g. (or well not as big?)

I remember some previous discussions about the GitHub dependency and I’m fairly confident the reason was simply to avoid having to build up things like a user account management system for package.elm-lang.org, at least for now - all that tricky identity/access management stuff is just delegated to GitHub.

As for online/offline, the package manager should indeed work just fine if you’re offline (as long as you’ve previously downloaded any necessary packages, so that they’re cached on your machine). It will try to connect to package.elm-lang.org if you’re online (presumably to check for updated package versions, but now I’m just guessing) but should gracefully fall back to using the local cache otherwise. Is that not the case for you?

Is that really necessary? Do we have to have user accounts for the package manager to work? This is not a rhetorical question: I’m really asking! I was thinking all that is needed is an artifact repository (an ftp or Nexus raw repository) but maybe I’m being naive…

Yes it is, it’s just that the build takes longer and if I specify an exact package version which was already downloaded, I don’t understand why the package manager needs to check for updates.

Another unanticipated (at least for me) consequence is that elm-analyse does not work offline because it fails on package checks.

Also, hitting the package.elm-lang.org server puts an unnecessary burden on it.

1 Like

There are two ways of addressing an issue like this: the quick way and the proper way. The proper way requires analysis and design. It is not a trivial issue and there are other things that have higher priority.

For more about this please take a look at About Private Packages and the threads it links.

In the mean time, there a various approaches that can solve the problem without requiring changes to the way elm handles packages.

Thank you! That is exactly what I was looking for!

Are you referring to something like elm-git-install?

Yes, something like that.

I think it is required, otherwise anybody would be able to publish any package. I could hack elm/core for example and publish a new version of it. Only Evan or core team members can do that with the GitHub accounts and permissions.

OK, that makes sense. But maybe a URI would be sufficient?
eg.

file://my-local-rpo.git
or
http://github.com/elm/json/tree/1.1

instead of

elm/json/tree/1.1

1 Like

Seems that Github and other services like Gitlab have been banned from Iran so I can understand why some companies can be scared of Elm imposing Github.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.