Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: rebuilt package-lock w/ v2 #570

Merged
merged 1 commit into from
Dec 16, 2021

Conversation

erisu
Copy link
Member

@erisu erisu commented Dec 16, 2021

Motivation and Context

Prepare for Cordova CLI 11 Release

Description

Rebuilt the package-lock.json file with v2

Testing

  • GH Actions

Checklist

  • I've run the tests to see all new and existing tests pass

@erisu erisu added this to the 11.0.0 milestone Dec 16, 2021
@codecov-commenter
Copy link

codecov-commenter commented Dec 16, 2021

Codecov Report

Merging #570 (b49f1cc) into master (b164b33) will not change coverage.
The diff coverage is n/a.

Impacted file tree graph

@@           Coverage Diff           @@
##           master     #570   +/-   ##
=======================================
  Coverage   70.40%   70.40%           
=======================================
  Files           4        4           
  Lines         321      321           
=======================================
  Hits          226      226           
  Misses         95       95           

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update b164b33...b49f1cc. Read the comment docs.

@timbru31
Copy link
Member

Does this have any implications for Node.js versions that still use v1?

@erisu erisu force-pushed the feat/rebuild-package-lock-v2 branch from 8eadc0b to b49f1cc Compare December 16, 2021 11:11
@erisu
Copy link
Member Author

erisu commented Dec 16, 2021

Some points about the package-lock is that is apart of NPM's structure, not Node.js.

People could have installed an older Node.js and installed the latest NPM with npm i -g npm@latest.

The package-lock is a development file and never bundled with the production release package.

About the version support, https://docs.npmjs.com/cli/v7/configuring-npm/package-lock-json#lockfileversion

Note that the file format changed significantly in npm v7 to track information that would have otherwise required looking in node_modules or the npm registry. Lockfiles generated by npm v7 will contain lockfileVersion: 2.

No version provided: an "ancient" shrinkwrap file from a version of npm prior to npm v5.

1: The lockfile version used by npm v5 and v6.
2: The lockfile version used by npm v7, which is backwards compatible to v1 lockfiles.
3: The lockfile version used by npm v7, without backwards compatibility affordances. This is used for the hidden lockfile at node_modules/.package-lock.json, and will likely be used in a future version of npm, once support for npm v6 is no longer relevant.

npm will always attempt to get whatever data it can out of a lockfile, even if it is not a version that it was designed to support.

@erisu
Copy link
Member Author

erisu commented Dec 16, 2021

@timbru31, I hope the above explains enough.

But, here is also the parent ticket to direct this change: apache/cordova#300
This was also discussed in the mailing list and the link is in the above ticket.

@erisu erisu requested a review from timbru31 December 16, 2021 11:58
@erisu erisu merged commit 1ce2132 into apache:master Dec 16, 2021
@erisu erisu deleted the feat/rebuild-package-lock-v2 branch December 16, 2021 12:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants