docs: add meeting notes from 2021-09-01 call

darcyclarke · web-flow · commit b9ce246e54ca · 2021-09-01T14:58:42.000-04:00
diff --git a/meetings/2021-09-01.md b/meetings/2021-09-01.md
@@ -0,0 +1,102 @@
+#### Meeting from: September 1st, 2021
+
+# Open RFC Meeting (npm)
+
+### Attendees
+- Darcy Clarke (@darcyclarke)
+- Gar (@wraithgar)
+- Vincent Bailly (@VincentBailly)
+- Isaac Z. Schlueter (@isaacs)
+- Nathan Fritz (@fritzy)
+- Owen Buckley (@)
+- Nathan LaFreniere (@nlf)
+
+### Previously...
+
+- [2021-08-25](https://github.com/npm/rfcs/blob/latest/meetings/2021-08-25.md)
+
+### Agenda
+
+1. **Housekeeping**
+	1. Introduction(s)
+	1. [Code of Conduct Acknowledgement](https://www.npmjs.com/policies/conduct)
+	1. Outline Intentions & Desired Outcomes
+	1. Announcements
+1. **`npm` v8 Plan:** https://github.com/npm/rfcs/issues/445 ~ @nlf
+1. **PR**: [#441 addendum: overrides apply if value matches, as well as key](https://github.com/npm/rfcs/pull/441) - @isaacs
+1. **PR**: [#437 RFC: Robust Lifecycle Scripts](https://github.com/npm/rfcs/pull/437) - @fritzy
+1. **PR**: [#436 new installation mode: pure-mode](https://github.com/npm/rfcs/pull/436) - @VincentBailly
+1. **PR**: [#422 RFC: audit assertions](https://github.com/npm/rfcs/pull/422) - @bnb
+1. **PR**: [#126 RFC: Adding types information to the Package JSON in the  registry](https://github.com/npm/rfcs/pull/126) - @orta
+
+### Notes
+
+#### **`npm` v8 Plan:** https://github.com/npm/rfcs/issues/445 ~ @nlf
+- @nlf 
+  - want to set ourselves up for success in the future
+  - `npm@8` should drop support for `node@10`
+  - `npm@7` had a number of issues when consumers upgraded
+  - `npm@8` should refuse to install a version of itself that is not compatible with the current `node` version for end-users
+- @ljharb 
+  - "What about the 'stricter peer deps' change becoming default?"
+- @nlf
+  - we want to keep the number or breaking changes to a limited set
+- @isaacs 
+  - the "refuse to install a breaking version of the CLI" is a `npm@7` change we'll make to help with migration to `npm@8`
+  - in terms of 'stricter peer deps' as 
+- @wraithgar
+  - the less that breaks, the more likely we are to land this version of `npm` into `node@8` 
+
+#### **PR**: [#441 addendum: overrides apply if value matches, as well as key](https://github.com/npm/rfcs/pull/441) - @isaacs
+- @isaacs 
+  - we need to keep track of overriden nodes in the tree somehow
+  - making this ammendment ensures that string or dot members can match on current node so that we can apply override nodes properly
+  - there are some implications
+- **Actions:**
+  - [ ] @isaacs to pull in changes to spec
+
+#### **PR**: [#437 RFC: Robust Lifecycle Scripts](https://github.com/npm/rfcs/pull/437) - @fritzy
+- @fritzy
+  - no updates from last week
+- **Actions:**
+  - [ ] @fritzy to flush out the rest of the RFC sections
+
+#### **PR**: [#436 new installation mode: pure-mode](https://github.com/npm/rfcs/pull/436) - @VincentBailly
+- @VincentBailly
+  - based on last week's meeting notes/action items:
+    - On SemVer: There isn't a need to make this a major version bump as it is an opt-in feature - it can wait to be introduced in a major if we _want_ to
+    - On Breaking Changes: Packages that rely on the hoisting behavior for shadow dependencies, usually accidentally.
+    - Examples of Broken Projects: Packages that do static analysis, Amazon Web Services & React Native projects do not support symlinks & would be broken by a strict-mode/symlinked mode
+  - the examples of broken projects does not feel scary, personally, & is following a paved-path by other package managers (ex. `pnpm` & `yarn`)
+- @isaacs 
+  - had a sync w/ @fritzy & @vincentbailly
+  - potential for lockfile & node_modules folder to not be accurate based on the initial implementation strategy we've discussed to transmute the tree between modes
+  - that said, the hidden lockfile should always be accurate
+  - there is a spearate conversation happening about the sharing of deps in a separate issue (#375)
+- @vincentbailly
+  - there was a question about whether or not this pertains to just Workspace projects or to all projects
+  - the answer to this is that this RFC, & corresponding work, should apply to **all** projects
+  - seems to be some confusion in the vocabulary
+- **Actions:**
+  - [ ] @vincentbailly will reframe the RFC to be more clear & direct people to #375 (ie. focus on motivation)
+  - [ ] @vincentbailly will come up with options for a new name, as "Pure Mode" isn't well recieved by everyone (potentially run a poll using emojis)
+  - [ ] @vincentbailly to review RFC to ensure it is clear that this mode applies to **all** `npm` projects
+
+#### **PR**: [#422 RFC: audit assertions](https://github.com/npm/rfcs/pull/422) - @bnb
+- @bnb
+  - updated the RFC based on the last set of action items
+  - there is some discussion around trust sources
+  - not sure how important that feedback is to consider
+- @darcyclarke
+  - has @asciimike jumped in & been able to help at all?
+- @bnb
+  - yes
+- **Actions:**
+  - [ ] @darcyclarke to add comments/feedback about API design (ie. `npm audit assert --module=<package spec>` vs. `npm audit asser <package spec>`)
+
+#### **PR**: [#126 RFC: Adding types information to the Package JSON in the  registry](https://github.com/npm/rfcs/pull/126) - @orta
+- @wraithgar 
+  - no evaulation of `flow`, no one has asked for this
+  - dropped `flow` 
+- **Actions:** 
+  - [ ] @wraithgar to pull in [PR #103, adding `types` field to `read-package-json`](https://github.com/npm/read-package-json/pull/103) - future publishes will now have that metadata included
