Use registry.npmjs.org upstream?

[bollwyvl]

Mea culpa: I merged 1.8.0, which is clearly marked as prerelease on both the yarn home, npm, and the github repo. I'd like to do something about it, and opened regro/cf-scripts#296 to add registry.npmjs.org smarts to the bot to only get "real" releases. If that lands, and maybe for other reasons, we might want to switch to an npm upstream... looks like it's always been that way on this recipe, not sure what the original motivation was!

Pro

• it is (or will be) the default source where yarn would install itself from... there are talks of deprecating http://registry.yarnpkg.com in the future, and heck, they could go to gitlab tomorrow
• npm publishes the tarball sha1s (we could keep also calculating the sha256, i guess)

Con

• most of the other npm-homed packages on conda-forge seem to use github tag tarballs
• that pr might not land (for the above reason)

Anyhow, food for thought!

[djsutherland]

Sounds like a good idea to me. We could switch here before regro/cf-scripts#296 merges even, no particular reason to wait.

[bollwyvl]

Well, the aye's have it!

Sorry i hadn't gotten back on this in a tick. I'm PR making the proposed change for the 1.9.4 release (currently PRd, and hasn't been superceded... yet), so any complaints can be lodged there as well.

[bollwyvl]

Adopted in #12 .