Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove package-lock.json #164

Merged
merged 3 commits into from
Dec 14, 2021
Merged

Remove package-lock.json #164

merged 3 commits into from
Dec 14, 2021

Conversation

GaryGSC
Copy link
Member

@GaryGSC GaryGSC commented Dec 14, 2021

This should reduce noise in this repository, since package-lock.json never gets published to npm. This is a library, so we don't really need it. The .npmrc will cause us to stop generating package-lock.json going forward.

@codecov
Copy link

codecov bot commented Dec 14, 2021
edited
Loading

Codecov Report

Merging #164 (fb0d3b6) into main (ce0198e) will not change coverage.
The diff coverage is n/a.

❗ Current head fb0d3b6 differs from pull request most recent head dc447d3. Consider uploading reports for the commit dc447d3 to get more accurate results
Impacted file tree graph

@@           Coverage Diff           @@
##             main     #164   +/-   ##
=======================================
  Coverage   77.27%   77.27%           
=======================================
  Files           2        2           
  Lines          22       22           
  Branches        6        6           
=======================================
  Hits           17       17           
  Misses          5        5

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update ce0198e...dc447d3. Read the comment docs.

@GaryGSC
Copy link
Member Author

GaryGSC commented Dec 14, 2021

Apparently, removing the lockfile breaks our npm audit workflow. We should get fewer false positives without the lockfile, and I believe we get the same benefits just by keeping up with our Dependabot PRs.

@GaryGSC GaryGSC requested a review from a team December 14, 2021 17:19
yoshutch
yoshutch reviewed Dec 14, 2021
View reviewed changes
Copy link
Contributor

@yoshutch yoshutch left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does this require a bumped version in package.json?

@GaryGSC
Copy link
Member Author

GaryGSC commented Dec 14, 2021

Probably. I haven't checked how the release automation works here. I'll do that.

@GaryGSC GaryGSC merged commit e81428a into main Dec 14, 2021
@GaryGSC GaryGSC deleted the remove-package-lock branch December 14, 2021 17:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@yoshutch yoshutch yoshutch approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@GaryGSC @yoshutch