@W-13846314@ Enforce lockfile version 2

[wjhsf]

@adamraya pointed out that in the last release v3 snuck in to a few lockfiles. Since we don't really pay attention to the lockfiles as much as we should, it seems prudent to have a script do that for us.

Description

Types of Changes

• Bug fix (non-breaking change that fixes an issue)
• New feature (non-breaking change that adds functionality)
• Documentation update
• Breaking change (could cause existing functionality to not work as expected)
• Other changes (non-breaking changes that does not fit any of the above)

Breaking changes include:

• Removing a public function or component or prop
• Adding a required argument to a function
• Changing the data type of a function parameter or return value
• Adding a new peer dependency to package.json

Changes

• (change1)

How to Test-Drive This PR

# Create a v3 lockfile in monorepo root and pwa-kit-dev
git switch develop
rm -rf node_modules package-lock.json packages/pwa-kit-dev/node_modules packages/pwa-kit-dev/package-lock.json
npx npm@9 install

# Run npm install w/ these changes - should print warnings and exit 2
git switch wjh/lockfiles
npm install # using npm 7 or 8

Checklists

General

• Changes are covered by test cases
• CHANGELOG.md updated with a short description of changes (not required for documentation updates)

Accessibility Compliance

You must check off all items in one of the follow two lists:

• There are no changes to UI

or...

• Changes were tested with a Screen Reader (iOS VoiceOver or Android Talkback) and had no issues
• Changes comply with WCAG 2.0 guidelines levels A and AA
• Changes to common UI patterns and interactions comply with WAI-ARIA best practices

Localization

• Changes include a UI text update in the Retail React App (which requires translation)

[wjhsf]

We always grumble about the scripts being stuck using require(), so this I made this as a .mjs file so it can use imports.

[wjhsf]

This is pretty much just to avoid .DS_Store if it happens to be there.

[alexvuong]

Are we locking in version 2? As far as I know, lockfile version 3 are compatible with lock file version 2, the only concern is when lock files is generated in version 1, which is from Node 14. When Node 14 is offically out of support, we should not have this issue i believe

[vcua-mobify]

Just confirming what @alexvuong said: https://docs.npmjs.com/cli/v9/configuring-npm/package-lock-json#lockfileversion

Why do we want to lock in v2? To ensure compatibility with Node 14 / npm 6?

[wjhsf]

We want to lock to some version in order to ensure consistency across packages. Version 2 was an arbitrary choice because that's what we're already using.

[vcua-mobify]

Testing this change - it works

Expected pwa-kit to have lockfile version 2, but saw version 3.
To regenerate the lockfiles with the correct lockfile version, please run `rm -rf package-lock.json node_modules/` in each impacted directory, and then use npm 7 or 8 to run `npm install` in the monorepo root.
npm ERR! code 1
npm ERR! path /Users/vcua/Git/pwa-kit
npm ERR! command failed
npm ERR! command sh -c -- node ./scripts/bootstrap.js && node ./scripts/check-lockfiles.mjs

[alexvuong]

Is this a temporary script until Node 14 is deprecated?

[wjhsf]

Is this a temporary script until Node 14 is deprecated?

I intended for it to be permanent; if we want it to be temporary we'll have to wait at least until we drop support for npm 8 (and hope that npm 10+ use lockfile v3), as npm 8 uses lockfile v2, but npm 9 uses lockfile v3.