Update: Personal Config Loads Global-Installed Packages #28
Conversation
mysticatea
added
enhancement
mysticatea
changed the title
|
I think this is a bad idea - eslint shouldn’t be encouraging anything to be installed globally, and having a personal config imo is also a bad practice. If a project doesn’t have eslint configured, eslint shouldn’t be run on it. |
|
I agree with @ljharb's concern about encouraging the use of global installation. That being said, we do currently support the use case of having a personal config in the user's home directory, and this does seem like it would help those who use it out. I know we've hashed this out a lot over the years, but I wonder it it would be worth digging into this discussion again (though it doesn't have to be in this RFC!). I wonder if we could avoid a lot of confusion if we just didn't support running ESLint globally (showing a helpful error message letting the user know they should install locally) and instead offered something like eslint-cli for those who really need a globally accessible |
|
I don't think we should do this. The idea of a "global installation" isn't well-defined by Node -- it's something defined by npm that doesn't always exist for other package managers. I think we should avoid any kind of "magic" that tries to make guesses about the user's package management strategy. I also agree with @ljharb that we shouldn't encourage the use of global installations/home-directory configs. |
|
Yes-- I would prefer we either have personal configs resolve from CWD, leave them as they are, or remove support for personal configs entirely in 7.0. |
|
I agree with the personal config is a bad practice. But it's supported now. The problem that this RFC wants to resolve is that people have to install dependencies into their home directory when they use the existing personal config functionality. My position is that it's pretty worse than global installation. Because people have often had their project directories in their home directory, so those projects can load the packages in the home directory in mistakes. This problem was not in ESLint 5 and older. I strongly don't want to encourage to install dependencies into the home directory instead of global installation. |
|
is personal config documented somewhere? if yes, we might have to fix it in eslint v6, and give user a warning so we can remove it in eslint v7/v8. |
I agree that this isn't ideal. However, I don't think the solution is worthwhile.
It seems like the reasoning for this RFC boils down to saying, "It's inconvenient to manage dependencies for files in a home directory, so we should unilaterally designate another folder to install dependencies of those files instead". But this could end up being confusing, because it would no longer be the case that shareable configs are loaded the same way as calling Personally, I would rather deprecate home-directory configs instead and keep encouraging people to use local installations. Home-directory configs can seem convenient at first, but they cause confusion when working on projects with other people.
Personal configs are documented. However, this proposal isn't a bugfix -- it's an additional feature to try to improve the ergonomics of personal configs. So I don't think we have to fix it in ESLint v6. |
|
It would be a real shame to lose home level (personal?) configs. Having this means that I can lint any JS file on my computer, regardless of whether it's part of an npm-managed repo or not. Not every use of eslint should have to be part of an npm (or yarn, or some other package-manager) project. |
|
I'd disagree; I think that all code should be in a project, and that if the project doesn't lint the files, they should not be linted at all. |
|
Perhaps the tagline on the web site should be updated:
Every legacy website without bundling tools and |
|
Sounds good to me, since all they have to do is add a package.json instead of just magically hoping all the projects developers use the same versions of everything :-) |
|
Not everyone works on a team of developers. |
|
Sure they do - a team of 1 is still you, and "you in 6 months". |
|
OK. We, the ESLint team, look to have the consensus that we should deprecate the personal config. Therefore, I will make the RFC that deprecates the personal config rather than I continue to champion this change. |
|
I'm a bit late to the party and haven't used personal configs previously. While it is clearly a good practice for projects to have their own local configs, the idea that a project-level config is always sufficient is mistaken. There are two perfectly valid reasons:
For the latter use case, there is one additional challenge, but I think it is worth implementing (as a plugin if not in core):
* Further backgroundWhile I tend to favor rigorous configs, but not all maintainers will bother themselves or their devs to use adopt one (e.g., my https://github.com/brettz9/eslint-config-ash-nazg borrows from various configs, but it has a whole lot of peer deps. to install; there is Then there is the question of settling on a config to use; on one project, a maintainer insists on using his config, while allowing for suggestions of useful rules to be added to it; however, even for projects which are open like this, it is not practical for me to spend time like this on submitting rules to each config project when I feel my own config is already attempting to be most rigorous (it would be more suitable if I get around to setting apart its stylistic-only rules so I wouldn't need to impose my style preferences everywhere). |
|
(non collaborator, personal opinion) Laziness isn’t a motivation, and if some maintainers don’t want eslint as part of their project, that project shouldn’t be linted. It’s not doing the project any favors to provide it with linting-inspired fixes without actually providing it with linting. In other words, i think everyone in a project should be forced to use the same lowest common denominator, which in your example is “no linting”. If that causes bugs, good - it’s persuasive evidence to lint :-) It seems like your second example falls in the same bucket for me - your rigor should be limited by the rigor all project developers enjoy. |
|
Thank you for your reply, @ljharb. I'm going to use a pretty dramatic example to respond to this as I think it fits, but let me first say at the outset that I really appreciate all of the hard (and otherwise highly intelligent!) work contributors as yourself have offered to bring eslint and other projects in the community that is really as essential as a public utility is to a community. I really hope the hyperbolic (and hopefully not too lengthy) analogy that follows is offered in the interest of a clash of opinions bringing forth a spark of truth rather than in any intent for a personal clash. Now on to the hairy parts... :)
To me, this is really quite a bit like saying that if a head of household refuses to purchase a low-cost, government-funded health check for his family, a health check that can catch problems early, that an independent doctor (whether working for pay or charity) should not provide medical services to a family that had refused such services in order that the family learns their lesson. Nevermind the legitimate reasons the parent may have felt they had in spending their money elsewhere, nevermind the innocent children (i.e., the library's direct consumers), nevermind the extra spread of disease within the community (i.e., the users of the library and its dependents who suffer from its bugs), let's let everyone get crucified for our Social Darwinian ideals of people getting what they deserve! Bugs of course have real world consequences, including for security and livelihood. If independent doctors want to use the medical instruments, however developed with the intent of being used as part of regular health checks, and especially if such use comes at no cost to the government which funds the medical technology development (i.e., it doesn't hurt you too much as maintainers to keep the feature), why should doctors be prevented from doing so and their patients be forced to go entirely without medical service? As a humble "traveling physician" myself, let me explain how your providing me the tools you have developed not only help me to provide my patients with however palliative fixes or treatment (sometimes which fix a problem for a long time allowing much good to come as a result), but I have seen first hand on a number of occasions the ability to freely use and offer your tools to such patients can actually encourage these patients to sign up to your preventative healthcare health checks when they would not have done so otherwise. When I can provide proof-in-hand that with my use of your health checks, I have found actual health problems, the patient may be sobered enough to realize that they really ought to be investing in their own health by doing timely checks, and as a result, their code improves into the future for me and other consumers. Such families as this may survive as they otherwise would not, as I am not capable of so rigorously checking their health with the limited tools of my eyesight alone. Adding rigorous timely health checks won't ensure we catch all problems, and adopting health checks won't lead in all cases to illnesses being discovered (i.e., the patient may pay some cost at no apparent benefit to themselves, spending time to set up the linting without finding any future bugs). But I agree it is indeed wise for them to have these checks. However, it is only human, albeit unwise, that some will wait until there are some pain points to take care of themselves. But we don't need to resign ourselves to allowing a family see a family member die just to help them see the wisdom of our approach. Even one who is Darwinian in their world view should be able to see that not everyone who happens to be unwise about health checks is incompetent and of no use to society in other ways. There are many great tools even developed by geniuses yet who fail to fully take care of their health, and a concerned neighborly physician could restore them, thereby also allowing them to continue their good work. As a mere physician, I cannot replace the unique, specialized jobs that these families do and the benefit they offer wider society (i.e., I may not even be capable of forking and maintaining a project to the same degree of competence). If some great family is lost due to advanced age or suicide (i.e., they abandon their project), I might be able to memorialize and promote the work they have done (i.e., publish a fork which fixes a certain bug), but I cannot replace the work they do. Even if I do try to carry on the vital work of some sick family, it comes at a cost to me to have to promote the work of others (i.e., making a fork) when I could instead be focusing on my job as a physician and they could be be restored to health, doing their own work, sometimes in a more skilled manner than I could, and hopefully chastened enough to take better care of themselves in the future for the benefit of all.
This is to me like saying that a physician should not get the highest training or give the best care but should rather not seek to excel any other student in his class or provide better treatment than the local clinic. Why can't we have a mutually-concerned society, where we encourage the highest public standards for all, yet all the while allowing individuals who wish to do so to promote the adoption of good practices through demonstrating by the power of example in doing their job well that health checks do work. We don't need to let a whole segment of society sink just because it makes decisions against their own better interests in some area. Thanks for your engagement on this topic! |
|
To chime in from the perspective of a maintainer, the case you outline is not one I've encountered nor one I would recommend. I think it's fine for you to want to use ESLint to improve someone else's codebase, but it feels out of the scope for the project to support running multiple times over the same files with different (read: potentially conflicting) configurations. My recommendation would be to create a tool that wraps ESLint and to use that, if this is something you want to pursue. |
|
Thanks @kaicataldo . I do understand such configs could be a bit of a footgun where one really does need caution to avoid potentially conflicting configurations (thankfully there is I'd of course also understand any exception here if it becomes a technical burden for you to maintain, though if necessary, I'd hope that if core changes become necessary to practically support external tools to do such mixing (at this point, I'm not sure any changes are even needed--see below), that you may evince a similar kind of tolerance and accommodatability as I thought was communicated in eslint/eslint#8348 (toward allowing eslint to run in the browser--offering to make small, reasonable changes if needed). Also, just to be sure...Does the deprecation of personal configs mean that there will be any change to configs stored in the home directory, i.e., if one wishes to use a home config to override other projects nested within home, I assume eslint will not be going against its normal algorithm and preventing this ability just because a config is present in HOME? |
|
There is one small core addition which I think would be helpful, and that is a command line flag to disable |
|
Nothing should alter root true. |
|
Because the creator of the project with |
|
If there is concern about it having unintended consequences (e.g., since a project might itself have multiple nested configs, thus causing the lack of |
|
Yes, the creator of the project has the ultimate authority in how to lint that project. The contributors have to obey what the maintainers want. Git repos are a development environment, their consumers are the developers who aren’t in charge. |
|
The creator of the project has the ultimate authority in how to publish their project (or run their private CI routines which may check the linting standards they wish). People cloning their repository can lint it with whatever tools they wish, and offer contributions inspired by such linting. I thought ESLint was about giving people choices, and to date, in my experience, it has been. I'm encouraged though by the words of @kaicataldo :
I'd like to hear from the maintainers about whether they can make this small accommodation to faciltiate such use cases. |
|
If they want to lint it with whatever tools they wish, they need to modify the config files. Just cloning a project, without modifying it, doesn't mean you own it - it still belongs to its maintainers. If you want to own it (and thus decide how it's linted), you should have to modify it. |
|
Consumers don't need to modify the config files in many cases even as it is now--they can use
I don't want to "own" their repo. That is the point. If I felt competent enough or had enough time, I could always make my own fork for every open-licensed project I used (which is the majority of what I work with) and added whatever linting I wanted. But that would be a colossal waste of time. However, I do want to ensure that the projects I use are not overlooking best practices--including those cases when projects are too stubborn to recognize their own good in some areas, and if my stricter linting can find a bug, and the project owner accepts the change--even in cases where they are not open to changing the linting--then it will have benefited myself and my projects' consumers. In that sense then, I will "own" the resulting improvements, including subsequent improvements they make, yet I will not need to override their wishes on their project's internal config. |
|
How often do you find yourself working on a project that a) doesn’t have linting, b) your linting rules catch a bug, and c) the maintainers are unwilling to accept a linting rule that caught a bug? I’d be very interested to understand that scenario. |
|
That is a very fair question (though I should mention that sometimes it is not that the project doesn't have any linting at all, but may only be using "eslint:recommended" but not say the goodness of However:
So it is a bit of a chicken-and-egg problem. Without a means of applying my own rules, I can't freely and quickly take a look at any new project I want to kick the tires on, and have to spend my limited time adding config which may never get incorporated. If I have a means of applying my own rules, however, then I can easily identify specific bugs and the rules which catch those bugs, and appeal to the owner to add them.
For example, when a meaningless regex escape like |
|
My perspective is that if it's not worth you spending the time on improving these projects (which, obviously, you shouldn't have to be doing!), then why do you want to use these projects, instead of switching to one of a dozen other properly linted alternatives? |
|
I should clarify only the last case was one for which I felt I did not have any real time to improve the project despite having honed in on likely problems. And for that project, the project in question is miles ahead of the other alternatives in terms of performance and is used extremely widely. I normally would have had time to fix it, but it just so happened that delving into that code base, as much as I use it, isn't currently as much of a priority for me as other priorities. For the unnecessary time-wasting I felt that is part of the other types, if I had unlimited time, I wouldn't mind doing the work of improving them. And despite what I perceive to be their inefficiencies, I can and do often spend time on improving such projects precisely because I found them to be the best projects, having investigated any alternatives. There are some fortunate cases where the, often big, well managed projects of the Node ecosystem are well-linted, respond quickly to issues, etc., but there are also so many packages which written by the genius type who starts a project that is far better than any others and doesn't give it much loving (though a good number will still accept fixes)--even in some cases with a huge chunk of the Node ecosystem depending on such projects (another reason I may not have time to switch--because it is used by various other dependencies). As much as I, as a fan of the added sanity brought by linting, may sometimes be tempted to conclude that openness to linting correlates entirely with project robustness, the fact is there are also a lot of messy and productive geniuses out there (and no doubt some properly linted projects of little comparative use). |
|
My use case is: when I try things, I do not create eslint config, but I still hope experimental code could be checked against my group of 'personal rules' as a default set of eslint rules. If I decide to create a project, I will definitely create a eslint config so all the project team members could use the same rules. This approach saves me lots of time to config eslint because I almost always use the same config for my new things. It is worth to saving time, right?? Yes. I saw the plan, |
|
Eslint itself as a good global tool is very smart. WHY ESLINT HAS TO BE BOUND TO A PROJECT? |
|
What experimental code are you writing that has no dependencies? |
|
Does it matter? The point is eslint as a global tool with a global config saves time. |
|
I can see a value of global usage, the problem is: the feature was not well-designed, and caused a lot of confusion. Hopefully we can reintroduce the global usage in a future version someday. |
|
That would be nice! ❤️ As I read this thread, I've got to know globally installed eslint is not encouraged , and the team will deprecate this kind of usage in v8.0.0. You know, to me eslint is a wonderful tool, it is so good, and should not be limited to just project level usage. Please do consider to continue supporting global usage. ❤️ I know it is hard, and I too, do not like the idea that installing all dependencies in home dir, and I use It's ugly, but it works as I expected: install all stuff in global instead of home dir. This is my personal config, FYI. 'use strict'
const global_path = `${process.env.HOME}/.nvm/versions/node/v14.0.0`
const Module = require('module')
const hacks = [
'eslint-config-personal',
'eslint-plugin-html',
'eslint-plugin-svelte3',
'svelte',
]
const ModuleFindPath = Module._findPath
Module._findPath = (request, paths, isMain) => {
const foundOne = ModuleFindPath(request, paths, isMain)
if (!foundOne && hacks.includes(request)) {
return require.resolve(`${global_path}/lib/node_modules/${request}`)
}
return foundOne
}
const config = {
root: true,
env: {
browser: true,
node: true,
es6: true,
},
extends: [
'eslint-config-personal',
],
plugins: [
'html',
'svelte3',
],
rules: {
'no-sync': 'off',
'no-console': 'off',
'no-new': 'off',
'no-empty': 'off',
'no-restricted-modules': 'off',
'comma-dangle': ['warn', 'always-multiline'],
'prefer-const': ['warn'],
},
parserOptions: {
sourceType: 'module',
ecmaVersion: '2019',
},
overrides: [
{
files: ['*.svelte'],
processor: 'svelte3/svelte3',
},
],
}
module.exports = configThanks for your patience!😀 |
|
Yes, it matters, because it saves time in the short term at the cost of wasting time in the long term, when your experimental code doesn’t have any eslint version or config attached and suddenly needs to be a project, shared among multiple devs. Short term convenience is rarely a good tradeoff for long term costs. |
|
It would be my job to balance short term and long term cost, isn't it right? And again, my point is eslint working as a global tool matters. |
Summary
This RFC allows the personal config to load also global-installed packages (shareable configs, parsers, and plugins).
Related Issues