npmrc: Force `package-lock=true` option #3102

Open: wants to merge 1 commit into base: master

Collaborator

feross commented Aug 6, 2019

It's relatively common for folks who primarily develop npm packages (rather than top-level apps) to disable the creation of `package-lock.json` files by setting `package-lock=false` in their personal `.npmrc` as they're not useful for package development.

This commit just forces `package-lock=true` so that the build works correctly for these users (including myself).


Sidenote: Why is package-lock.json not useful to package authors? Because lock files don't get published to npm, so users will always get the latest versions that semver allows, so it's good for package authors to have the same experience. Otherwise, package-lock.json can obscure that a package is actually broken.

See also: brave/brave-browser#5560

Submitter Checklist:

Test Plan:

Reviewer Checklist:

  • New files have MPL-2.0 license header.
  • Request a security/privacy review as needed.
  • Adequate test coverage exists to prevent regressions
  • Verify test plan is specified in PR before merging to source

After-merge Checklist:

  • The associated issue milestone is set to the smallest version that the
    changes have landed on.
  • All relevant documentation has been updated.
feross requested a review from bbondy Aug 6, 2019
feross self-assigned this Aug 6, 2019
feross mentioned this pull request Aug 6, 2019
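
Added example (not part of this pull request or the project's code): a simplified model of how npm layers npmrc files, showing why `package-lock=false` in a personal `.npmrc` reaches the build until a project-level `.npmrc` sets `package-lock=true`. The function names and sample file contents are constructed for illustration, and placing the setting in the project `.npmrc` is an assumption based on the PR title.

```javascript
// Precedence modelled here, highest first: project .npmrc, user ~/.npmrc,
// global npmrc, then npm's built-in default (package-lock is true by default).
// CLI flags and npm_config_* environment variables rank above all of these
// and are not modelled.

// Simplified npmrc parser: key=value lines, '#' and ';' comments.
// Lines without '=' are ignored in this sketch.
function parseNpmrc(text) {
  const settings = new Map();
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith('#') || line.startsWith(';')) continue;
    const eq = line.indexOf('=');
    if (eq === -1) continue;
    settings.set(line.slice(0, eq).trim(), line.slice(eq + 1).trim());
  }
  return settings;
}

// Returns whether lock files are enabled and which layer decided it.
function resolvePackageLock(layers) {
  for (const source of ['project', 'user', 'global']) {
    const settings = parseNpmrc(layers[source] || '');
    if (settings.has('package-lock')) {
      return { enabled: settings.get('package-lock') !== 'false', source };
    }
  }
  return { enabled: true, source: 'default' };
}

// Constructed sample inputs: a package author's personal config and the
// project config before and after forcing the option.
function demo() {
  const user = '; personal settings (constructed)\npackage-lock=false\n';
  const before = resolvePackageLock({ project: '# no lock setting\n', user });
  const after = resolvePackageLock({ project: 'package-lock=true\n', user });
  return { before, after };
}

const result = demo();
console.log('before:', result.before); // decided by the user layer
console.log('after:', result.after);   // decided by the project layer
```

A build that relies on the lock file for pinned versions can run the same resolution against the real files as a pre-install check and fail when the deciding layer is not the project's own.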