Heads-up: npm may be looking to adopt node-gyp version 8.x soon

node-gyp 8.2.0 is in npm 8.0.0, which is bundled with Node 16.11.0.

See the PR that bumped node-gyp in npm:

• https://github.com/npm/cli/pull/3762

And the node-gyp dependency’s semver range ‘^8.2.0’ in npm 8.0.0’s package.json:

• https://github.com/npm/cli/blame/v8.0.0/package.json#L98

The PR landed to npm’s release-next branch on October 7th, and npm v8.0.0 was released about four hours later.

(I will let the maintainers decide whether to leave this issue open, or close it, etc. Consider this comment a public service announcement: node-gyp 8.2.0 is now live on a lot of people’s machines; Whoever is using the latest Node, 16.11.0 or greater, has it bundled by default.

Node 16.11.0 shipped on October 8th, and was bundled with npm 8, and thus node-gyp 8.)

Python support is a tricky question because I don’t know that we’ve ever had any “contract” for how we support something that tangential to our setup.

This repo is 88.8% Python and is 9.6% JavaScript so tangential might be the wrong word. README.md and setup.py are both quite clear about the version contract we keep.

That’s a good point, I meant tangential in the sense of what we “support” from npm. Typically it’s been about the node version. Our testing matrix tests osx, windows, and linux but not across a big range of distributions.

We do our best to support what we can, but from an npm cli standpoint this is definitely a grey area. For instance there are forms of openssh/openssl we don’t support, and dropping support for older versions did not constitute a semver major in npm in the past.

We will discuss this further in the near future, but it is looking like this isn’t going to be a blocker for us updating to node-gyp@8 in npm@7, especially considering we are going to be fixing the bug that prevents users from providing their own version if they need.