npm cli install without postinstall

[timfish]

postinstall creates a whole host of issues which it would be nice to not have to deal with.

I've seen a similar issues when distributing native node binaries and wonder whether some of the solutions I've seen in use there might be an improvement here.

Firstly, you publish an npm package per platform/arch combo (@sentry/cli-{platform}-{arch}) and include the cli binary in there.

• In package.json set main as the path to the binary and then it can be found later by simply require.resolve('@sentry/cli-${process.platform}-${process.arch}')
• In package.json correctly define os and cpu properties which ensures that they will only install on the correct platform/arch
• You can even set bin in these packages if you want them to be directly accessible.

Then in @sentry/cli you list all the above as optionalDependencies. After this, when installing @sentry/cli, npm/yarn will attempt to install all the optional dependencies and only succeed on those where the os and cpu match.

Bonus: If your JavaScript code used to find the binary uses complicated enough dynamic paths construction, @vercel/nft gives up and wont include them.

This approach is already used by Parcel, Next.js and plenty of others.

Downsides?

• It is perhaps abusing optionalDependencies but everyone appears to be on this train now so maybe it wont crash?
• Does npm/yarn have to download all the optional dependencies before checking the os and cpu? 🤔

[github-actions]

This issue has gone three weeks without activity. In another week, I will close it.

But! If you comment or otherwise update it, I will reset the clock, and if you label it Status: Backlog or Status: In Progress, I will leave it alone ... forever!

---

"A weed is but an unloved flower." ― Ella Wheeler Wilcox 🥀

[kamilogorek]

ref: https://github.com/npm/rfcs/blob/528fa298a3529dcae3f58cbf2f9a577ba16b479f/accepted/0000-package-distributions.md

[me4502]

Given the size of the sentry-cli binary, in poor network conditions this can be a substantial issue on CI. Currently this breaks the Yarn caching & install model (https://yarnpkg.com/advanced/lifecycle-scripts#a-note-about-postinstall), leading to the cache being bypassed and the entire binary being downloaded on every run.

Would definitely be good to not have postinstall used to download a large binary

[krystofwoldrich]

• linking related issue @sentry/cli binary doesn't download (leads to iOS build failure) sentry-react-native#2688

[lforst]

Plan of action:

• Create packages for all different architectures (just the package.json) build: Add placeholder packages for npm binary distributions #1828
• Configure Rust build tooling to emit the binaries into the packages in the right place
• Configure craft to publish the packages
• Add the architecture packages as optional dependencies (we will likely need some sort of prepublish script that always aligns the dependency versions)
• Point the JS entry point to the new architecture binaries
• Turn the post-install script to a no-op and add a deprecation notice because we will want to remove it in the next major.