
Move to v2 format for package-lock.json #409

Merged (1 commit), Feb 9, 2023

Conversation

@MasterOdin (Contributor) commented Feb 8, 2023

Description


PR modifies the package-lock.json file to the new v2 format, which was rolled out with npm v7 back in 10/2020. This is supposed to be better able to give deterministic build results with regard to tree shape. The new lockfile is backwards compatible with npm v6 (which comes with node 14 on some platforms like GH actions), but it's expected that most people will be trending forward to newer versions of npm (which is at v9), so most people won't need to worry about the compatibility.

Checklist

Please review this checklist before submitting a pull request.

  • Code compiles correctly
  • Created tests, if possible
  • All tests passing (npm run test:all)
  • Extended the README / documentation, if necessary

@agnivade (Member) commented Feb 8, 2023

QQ: will this format be respected by default when someone adds a new package with npm install? Can you also mention the command used to move to the new format for posterity?

@MasterOdin (Contributor, Author) commented Feb 8, 2023

If someone uses npm v7+, then the format of the lockfile will remain v2.

If someone uses npm v6, then the format of the lockfile will be downgraded to v1. This is the thing we'd want to watch out for in someone submitting a PR that modifies dependencies.

Moving between the versions is done as part of the regular npm install usage, and I "upgraded" the package-lock.json by doing npm install, though if you wanted to fully replicate my process, you could do npx npm@8 install.

To know what version the lockfile is at, there's a lockfileVersion field at the top of the file that designates the version: if that's missing, then it was made using npm v5 or lower; if it's 1, then that's npm 6; and 2 or higher is npm v7+. If we wanted to totally break allowing people with older versions of npm, the version could be set to 3, but there's not a huge gain there, and again, in my experience most people are already using a newer version of npm anyway, and I've not seen issues of package-lock versioning once upgraded.
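The lockfileVersion rule and the "watch out for a v1 downgrade in PRs" point above are easy to turn into a CI check. The following Node.js script is an added example and is not code from this PR or from the project. It takes lockfile contents as JSON strings (in CI you would read them with fs.readFileSync); the sample lockfiles LEGACY_LOCK, V1_LOCK, V2_LOCK and V3_LOCK are constructed here for illustration, with placeholder package names and integrity values rather than real packages.

```javascript
// Added example (not code from this PR or the project): classify a
// package-lock.json by its top-level lockfileVersion and guard a PR against
// the v2 -> v1 downgrade that `npm install` under npm 6 silently produces.

// lockfileVersion -> npm major that writes it (mapping from the comment above):
//   absent : npm 5 or lower
//   1      : npm 6
//   2      : default for npm 7 and 8; still readable by npm 6
//   3      : opt-in on npm 7+, default from npm 9; not readable by npm 6
function describeLockfile(lockJson) {
  const lock = JSON.parse(lockJson);
  const v = lock.lockfileVersion;
  if (v === undefined) {
    return { version: 0, producer: "npm 5 or lower", npm6Compatible: true };
  }
  if (!Number.isInteger(v) || v < 1) {
    throw new Error(`unexpected lockfileVersion: ${JSON.stringify(v)}`);
  }
  if (v === 1) return { version: 1, producer: "npm 6", npm6Compatible: true };
  if (v === 2) return { version: 2, producer: "npm 7 or 8", npm6Compatible: true };
  return { version: v, producer: "npm 7+ (npm 9 default)", npm6Compatible: false };
}

// v2 and v3 lockfiles carry the full tree in a top-level "packages" map keyed
// by path, with "" for the root project; v1 has only "dependencies".
function hasPackagesTree(lockJson) {
  const lock = JSON.parse(lockJson);
  return typeof lock.packages === "object" && lock.packages !== null && "" in lock.packages;
}

// Compare the committed lockfile (base) with the one a PR proposes.
// Returns { ok, version, problems } so a CI step can fail when ok is false.
function checkLockfileChange(baseJson, prJson) {
  const base = describeLockfile(baseJson);
  const pr = describeLockfile(prJson);
  const problems = [];
  if (pr.version < base.version) {
    problems.push(
      `lockfileVersion downgraded ${base.version} -> ${pr.version} (written by ${pr.producer}); ` +
      "re-run the install with npx npm@8 install and commit the result"
    );
  }
  if (pr.version >= 2 && !hasPackagesTree(prJson)) {
    problems.push(`lockfileVersion ${pr.version} but no top-level "packages" map`);
  }
  return { ok: problems.length === 0, version: pr.version, problems };
}

// Constructed sample lockfiles (placeholder names and integrity values, not real packages).
const LEGACY_LOCK = JSON.stringify({ name: "example-app", version: "1.0.0", dependencies: {} });
const V1_LOCK = JSON.stringify({
  name: "example-app", version: "1.0.0", lockfileVersion: 1, requires: true,
  dependencies: { "example-dep": { version: "2.0.0", integrity: "sha512-constructed" } },
});
const V2_LOCK = JSON.stringify({
  name: "example-app", version: "1.0.0", lockfileVersion: 2, requires: true,
  packages: {
    "": { name: "example-app", version: "1.0.0", dependencies: { "example-dep": "^2.0.0" } },
    "node_modules/example-dep": { version: "2.0.0", integrity: "sha512-constructed" },
  },
  dependencies: { "example-dep": { version: "2.0.0", integrity: "sha512-constructed" } },
});
const V3_LOCK = JSON.stringify({
  name: "example-app", version: "1.0.0", lockfileVersion: 3, requires: true,
  packages: {
    "": { name: "example-app", version: "1.0.0", dependencies: { "example-dep": "^2.0.0" } },
    "node_modules/example-dep": { version: "2.0.0", integrity: "sha512-constructed" },
  },
});

// The case the comment warns about: the repo is on v2, a contributor ran npm 6.
const downgrade = checkLockfileChange(V2_LOCK, V1_LOCK);
console.log(downgrade.ok ? "lockfile OK" : "lockfile problems:\n  " + downgrade.problems.join("\n  "));
```

In a CI job, read the base branch's package-lock.json and the PR's copy with fs.readFileSync, pass both strings to checkLockfileChange, and exit non-zero when ok is false. The "packages" check is a structural sanity test for v2/v3 files, not an attribution of which npm wrote them; the version comparison is the part that catches the downgrade the comment describes.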

@agnivade (Member) left a review comment:

Thanks!

@agnivade agnivade merged commit f75185e into master Feb 9, 2023
@agnivade agnivade deleted the chore-npm-lockfile branch February 9, 2023 06:34