Arch Linux User Repository

@phnx47 that assumes people aren't building in a chroot, which is really what they should be doing with AUR packages.

I think the statement that "fnm is better than nvm" is a little contrived and subjective; I don't use JS with any sort of regularity (SRE; primarily golang and rust), but some cursory searching doesn't indicate that fnm has supplanted nvm as "the default".

That said, this is your package. You do with it what you want, and have no need to make adjustments to it unless you think it is logical and needed.

Note, however, that it is typically recommended to read and follow the packaging guidelines for packages you want to maintain. For this, we have the NodeJS Package Guidelines. These are not rules, simply guidelines.

I tried to improve build with fnm, but this create a lot of discussions. Let's explain again.

To build ledger-live you need exactly NodeJS 16: https://github.com/LedgerHQ/ledger-live/tree/%40ledgerhq/live-desktop%402.49.2/apps/ledger-live-desktop#requirements.

I can just pin nodejs-lts-gallium, many packages do same thing, for example code: https://github.com/archlinux/svntogit-community/blob/packages/code/trunk/PKGBUILD. It is ok for Arch Packages, but for AUR create nodejs versions conflicts with every upgrade packages. Check vscodium: https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=vscodium. There is nvm dependency. It makes possible build package without nodejs versions conflicts. fnm is better alternative for nvm. One more code-git: https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=code-git, there is nodejs-lts-fermium, they forgot to update nodejs version and build failes!

Should I do it?

i have absolutely no opinion on the matter. personally, i would have probably moved the package to use fnm, too. it's small and fast, plus, it gets cool points for being rewritten in rust.

that said, nvm is more well-known and battle-tested, and likely not as foreign to people who write node regularly, or to people who don't write in node at all -- it's this latter group that has likely never even heard of fnm.

@sudoforge I can use nvm instead of fnm. Should I do it?

@verdrisarko: baseless fearmongering serves nobody. Show me the enlargened attack vector and I'll revert the change.

@phnx47: the wiki page talks about nvm, yes, but not fnm.

@vedrisarko Build issues with different NodeJS versions. LedherHQ build it with NodeJS 16 and put info to .nvmrc: https://github.com/LedgerHQ/ledger-live/blob/develop/.nvmrc.

Here 3 options:

1) Test with every NodeJS after changes. It is what I did before, but it is time consuming.

2) Pin dependency to nodejs-lts-gallium. This will be conflicts dependency with rebuild if you use different NodeJS version in your machine.

3) Use fnm or nvm and read version from .nvmrc: check '4. Using nvm' - https://wiki.archlinux.org/title/Node.js_package_guidelines. fnm is better alternative for nvm. But both of them from AUR.

@vedrisarko Do you have any issue with this? If you worry about 'make' dependencies, you can use ledger-live-bin.

This package worked 100% in 2.49.2-4 before you added package fnm.

Why did you add package fnm?

Adding package fnm just increased the attack vector likelihood of this package and decreased the security potential of this package. fnm is an unnecessary package.

BEWARE

@sudoforge No worries! Thank you for your feedback!

i don't think i've actually updated that package since adopting it; it's wildly out of date and needs to be dramatically improved. thanks for reminding me about that!

i think my brain is fried from a long day; you're absolutely right that dist isn't relevant. anyway, glad you were able to get the invalid symlink / erroneous copy fixed!