Please stop the spam

[woodcockjosh]

why do I have to be distracted while I'm doing development and running and monitoring my CI process all day long with beggars with their hands out? Please let me shutter these winey package owners which I have no control over whether or not I use them because someone else is using a package, that uses a package, that uses their package.

Must I be forced to clone every spammy npm package and override? Say it hasn't come to this. Do I get terminal spam in my gradle build? What about cocoapods? Perhaps python? Composer? Anywhere else? What has gone wrong with npm???!

[midudev]

Hi Josh,

the only thing you're forced to get rid of those is to read the documentation of npm.

In order to get a clean output on your CI process you could use some flags:

npm install --no-fund --no-optional --quiet

If postinstall scripts are the problem, you could remove them as well by using --ignore-scripts.

More info:
https://docs.npmjs.com/cli/v6/using-npm/config
https://docs.npmjs.com/cli/v6/commands/npm-install

PS: In case you're wondering why these are default. I'm not from npm team and thus is not an official opinion, but I think these package maintainers that anonymously are making your app to work deserves as least your attention or your effort to put some flags.

[woodcockjosh]

I actually have all of these:

ENV SUPPRESS_SUPPORT=true
ENV OPENCOLLECTIVE_HIDE=true
ENV DISABLE_OPENCOLLECTIVE=true
ENV NPM_CONFIG_FUND=false

and all the options you mention above and I still get spam from packages that decide to use their own special variable or ignore the option.

[woodcockjosh]

Also opensource developers have been contributing without spamming for 70 years. Now all of the sudden, npm developers think they're somehow better than all those other developers that they have the right to spam their community?

[delacruz-dev]

@woodcockjosh on top of reading npm documentation, it would be great if you could also read this post on how to give good feedback.

Spoiler: ranting !== good constructive feedback

[woodcockjosh]

I read that just before I posted this. Go ahead pile in and dismiss feedback because it doesn't align with whatever you consider to be not ranting. what do I care.

[ljharb]

Have you tried npm 7? I believe all output from non-failing post install scripts is suppressed.

[MylesBorins]

hey @woodcockjosh, Myles from GitHub here.

I'm going to mark one of the above responses as an answer. I think a combination of setting a number of global settings as well as switching to npm 7 is a good first step here. If you have example of particular packages that are noisy I would be happy to take a look at the output with various settings across npm 6 and 7 and see what edge cases we are not covering.

it is possible that we explore different ways to improve the status quo here including potential policy changes to avoid spam in pacakges.

As an aside, I know that you are frustrated, but I personally don't find the way you have chosen to engage in this issue as being entirely inline with our code of conduct for this repo. To be clear, I don't think that anything crosses the line of requiring moderation, but it does make it harder for me to see that you want to engage in good faith and make actual changes to improve the status quo.

I can assure you that no one wants the experience of using npm to be riddled with spam, so it would be helpful if you give us the benefit of the doubt that we want to do better and work with us to figure out what types of improvements we can make