disallow names of node core modules

[zeke]

For the consideration of @othiym23 and @iarna, I present a possible implementation of #1.

Twas a good excuse to write node-core-module-names, my smallest npm package yet.

cc @robertkowalski

[iarna]

Ok but currently this is a warning and AFAIK it needs to stay that way as we still have some packages published under core module names (see buffer)

[zeke]

I see. @iarna, do you think the warning-ness should be the responsibility of this package? If so, maybe the response object could look like this:

{
  valid: false, 
  errors: ['foo'],
  warnings: ['bar']
}

@maxogden just pointed out to me that there's already a thing that is the same as node-core-package-names: https://preview.npmjs.com/package/builtins

[feross]

Yeah, disallowing core module names is a bad idea, but warning is fine (that's already the current npm behavior).

Browserify, and many others, depend on modules with names that match core. Examples:

• https://www.npmjs.org/package/assert
• https://www.npmjs.org/package/buffer
• https://www.npmjs.org/package/punycode
• https://www.npmjs.org/package/querystring
• https://www.npmjs.org/package/string_decoder
• https://www.npmjs.org/package/url
• https://www.npmjs.org/package/util

To depend on modules that match core names, you just append a forward slash. Like this: var Buffer = require('buffer/').Buffer This feels a bit janky, but the require code is locked (stability index 5) and will probably never change.

[iarna]

@zeke Yeah, i'd be happy getting back an error and a warning list– that interface looks great.

[zeke]

I added support for warnings in the commits above. Take a look and let me know what you think.

[feross]

LGTM! 👍

[zeke]

Version 2 just landed with warnings and a new boolean for validity of legacy packages names. See https://www.npmjs.com/package/validate-npm-package-name#legacy-names