undefined

points

[-]

They're not doing so here, but shipping a wasm-compiled binary with npm that uses node's WASI API is a really easy way to ship a cross-platform CLI utility. Just needs ~20 lines of JS wrapping it to set up the args and file system.

by mountainriver22 hours ago|

parent|

[-]

Doesn’t this seem excessive over just using rust’s cross platform builds?

by csomar21 hours ago|

parent|

[-]

There's no such thing as a truly "cross-platform" build. Depending on what you use, you might have to target specific combinations of OS and processor architecture. That's actually why WASM (though they went with WASI) is a better choice; especially for libraries, since anyone can drop it into their environment without worrying about compatibility.

by jitl20 hours ago|

parent|

[-]

there’s 3 os and 2 architectures minus darwin-amd64 so you just need to do 5 builds to avoid the WASM performance tax.

(freebsd runs linux binaries and the openbsd people probably want to build from source anyways)

by Lord_Zero22 hours ago|

parent|

prev|

[-]

Can you link to a sample of how I can do this?

by taskylizard17 hours ago|

parent|

[-]

https://axodotdev.github.io/cargo-dist/

by varenc22 hours ago|

prev|

[-]

I found that strange as well. My guess is that `npm` is just the package manager people are most likely to already have installed and doing it this way makes it easy. They might think asking people to install Cargo is too much effort. Wonder if the pattern of using npm to install non-node tools will keep gaining traction.

by m00014 hours ago|

parent|

[-]

It's still weird. Why not just use an effing install.sh script like everybody else? And don't tell me "security". Because after installation you will be running an unknown binary anyway.

by bigstrat200321 hours ago|

parent|

prev|

[-]

Most people aren't going to have npm installed though. Nobody outside of web devs uses it.

by patates17 hours ago|

parent|

[-]

A lot of people who are not web devs use it, that's what I see. I even saw some mainframe developers use npx to call some tool on some data dump.

Also, this is a web project anyway. Google Workspace is web based, so while there is a good chance that the users aren't web developers, it's a better chance that they have npm than anything else.

In the case that they don't, releases can be downloaded directly too: https://github.com/googleworkspace/cli/releases

by gempir17 hours ago|

parent|

prev|

[-]

If you had to pick one package manager that was most likely installed across all the different user machines in the world, I'd say npm is a pretty good bet.

by wiseowise14 hours ago|

parent|

[-]

Pip.

by sankalpmukim20 hours ago|

parent|

prev|

[-]

"Most people" are webdevs

Bracing for getting cancelled

by freakynit22 hours ago|

parent|

prev|

[-]

Why not just downloadable binary then?

by varenc22 hours ago|

parent|

[-]

For many, installing something with npm is still easier. It chooses the right binary for your OS/architecture, puts it on your PATH, and streamlines upgrades.

Their Github releases provides the binaries, as well as a `curl ... | sh` install method and a guide to use github releases attestation which I liked.

by krzyk11 hours ago|

parent|

[-]

I feel better with `curl ... | sh` than with npm.

npm suggests projects written in js, which is not something I'm comfortable.

It is nice to see that this is not JS, but Rust.

by varenc3 hours ago|

parent|

[-]

Agreed! The `curl ... | sh` is sketchy, but it's more obviously a security risk and easier to inspect. With install hooks, `npm install ...` also allows arbitrary code execution when you run it, but this is less obvious.

by freakynit21 hours ago|

parent|

prev|

[-]

Hmm, that's right... thanks..

by patates17 hours ago|

parent|

prev|

[-]

They have them: https://github.com/googleworkspace/cli/releases

by brunoborges22 hours ago|

prev|

[-]

NPM as a cross platform package distribution system works really well.

The install script checks the OS and Arch, and pulls the right Rust binary.

Then, they get upgrade mechanism out of the box too, and an uninstall mechanism.

NPM has become the de facto standard for installing any software these days, because it is present on every OS.

by danpalmer22 hours ago|

parent|

[-]

To my knowledge NPM isn't shipped in _any_ major OSes. It's available to install on all, just like most package managers, but I'm not sure it's in the default distributions of macOS, Windows, or the major Linux distros?

by anilgulecha22 hours ago|

parent|

[-]

No package manager is. But of the ones that are installed by users, npm is probably the most popular.

by spinagon22 hours ago|

parent|

[-]

What about pip? It's either installed or immediately available on many OSes

by Fabricio2020 hours ago|

parent|

[-]

pip might be but it was historically super inconsistent (at least in my experience). Is it `pip install`? `python3 -m pip install`? maybe `pip3 install`? Yeah ubuntu did a lot of damage to pip here. npm always worked because you had to install it and it didnt have a transition phase from python2 being in the OS by default.

by piperswe22 hours ago|

parent|

prev|

[-]

`pip install` either doesn’t work out of the box or has the chance to clobber system files though

by jitl21 hours ago|

parent|

prev|

[-]

system pip w/ sudo usually unleashes Zalgo, i’d rather curl | bash but npm is fine too. it’s just about meeting people where they’re at, and in the ai age many devs have npm

if you build for the web, no matter what your backend is (python, go, rust, java, c#), your frontend will almost certainly have some js, so likely you need npm.

by nikanj21 hours ago|

parent|

prev|

[-]

This is about eight years old. The python situation has mostly gotten worse since https://xkcd.com/1987/

by jitl20 hours ago|

parent|

[-]

python packaging / envs is solved now by uv. its not promising or used by people in the know like the last 2 trendy python package managers. i was a big time python hater since it was a pita to support as a devtools guy but now its trivial. uv just works, it won.

by abustamam11 hours ago|

parent|

[-]

I'm not a python dev, but I see a bit of its ecosystem. How does uv compare with conda or venv? I thought JS had the monopoly on competing package managers.

by a_t4820 hours ago|

parent|

prev|

[-]

What? It’s much much better now, you can just use uv. Yeah, it’s yet another package manager, but it does it well.

by chrisweekly9 hours ago|

parent|

[-]

Or go up a rung or two on the abstraction ladder, and use mise to manage all the things (node, npm, python, etc).

by 21 hours ago|

parent|

prev|

[-]

deleted

by 22 hours ago|

parent|

prev|

[-]

deleted

by oefrha22 hours ago|

parent|

prev|

[-]

> The install script checks the OS and Arch, and pulls the right Rust binary.

That's the arbitrary code execution at install time aspect of npm that developers should be extra wary of in this day and age. Saner node package managers like pnpm ignore the build script and you have to explicitly approve it on a case-by-case basis.

That said, you can execute code with build.rs with cargo too. Cargo is just not a build artifact distribution mechanism.

by mcmcmc19 hours ago|

parent|

prev|

[-]

More of a de facto standard for supply chain attacks tbh

by mountainriver22 hours ago|

parent|

prev|

[-]

Yeah except you need to install NPM, whereas with a rust binary, which can easily compile cross platform, you don’t.

Honestly I’m shocked to see so many people supporting this

by bigstrat200321 hours ago|

parent|

prev|

[-]

> NPM has become the de facto standard for installing any software these days, because it is present on every OS.

That's not remotely true. If there is a standard (which I wouldn't say there is), it's either docker or curl|bash. Nobody is out there using npm to install packages except web devs, this is absolutely ridiculous on Google's part.

by abustamam11 hours ago|

parent|

[-]

I agree but this isn't a Google project, it's one Google employee.

by jitl20 hours ago|

parent|

prev|

[-]

they offer npm for the large market of cli users who have it, and curl|bash to those who don’t. ¯\_(ツ)_/¯

by xarope20 hours ago|

parent|

prev|

[-]

"NPM has become the de facto standard for installing any software these days, because it is present on every OS."

What?!? Must not be in any OS I've ever installed.

Now tar, on the other hand, exists even in windows.

by koakuma-chan20 hours ago|

parent|

prev|

[-]

I think there has been an influx of people vibe coding in Rust because its "fast" but otherwise they have no idea about Rust.

by gck118 hours ago|

parent|

[-]

Not because it's fast, but because of its compiler. It acts as a very good guardrail and feedback mechanism for LLMs.

by abustamam11 hours ago|

parent|

[-]

Typescript has surpassed Python and JS as most used on Github for a similar reason

https://xcancel.com/github/status/2029277638934839605?s=20

by koakuma-chan9 hours ago|

parent|

[-]

> making strict typing an advantage, not a chore

It's crazy that people think strict typing is a chore. Says a lot about our society.

by abustamam7 hours ago|

parent|

[-]

I learned TS after a few years with JS. I thought having strict types was cool. Many of my colleagues with much more (JS) experience than me thought it was a hassle. Not sure if they meant the setup or TS or what but I always thought it was weird.

by r2champloo21 hours ago|

prev|

[-]

Interesting fact, because cargo builds every tool it downloads from source, you can’t actually run cargo install on Google laptops internally.

by efreak16 hours ago|

parent|

[-]

I use cargo-binstall, which supports quick install and a couple other methodsfor downloading binaries for rust packages

by jamesmishra22 hours ago|

prev|

[-]

Why should the package's original language matter?