-
-
Notifications
You must be signed in to change notification settings - Fork 562
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Provide upstream curated package-lock.json
#794
Comments
Acknowledged! I'll see if I can dig a package-lock.json out of the CI runs for a starting reference. |
I have been attempting to install CNCJS on a Raspberry PI without success. There is a sea of NMP/Node.js version incompatibilities and warnings of missing packages using any of the installation instructions that I have found. Would the json file resolve my difficulties? It sounds like it might. |
Best practice is as far as I know to commit yarn.lock or package-lock.json and run However there is some voodoo going on with the build that copies bits of package.json into another one in |
Managed to get package-lock.json out of a CI build: https://gist.github.com/emcniece/a02e5f8b129a57109efc0e931167387d I had to update the Appveyor/CI NodeJS version from 12 to 14 in order to get builds to pass. This might cause some distribution problems - the unit tests appear to pass, but OS integration will need manual confirmation. If somebody wants to try building and running with this package-lock.json that would be a great help. I'll see if I can tag and trigger a build for testing. |
One of the problems with package-lock.json is that CI though, shouldn't generally alter or produce a lock file in and of itself. Then we have this abomination. Which CI (or anyone/anything that actually packages a real release should produce). https://docs.npmjs.com/cli/v9/commands/npm-shrinkwrap However if your top-level project is being used as a dependency of other projects, this file can give downstream users a real pain. |
I have a sneaking suspicion that Here's an in-progress PR to publish If this works and the resulting file is the same across the 6 platform builds (https://ci.appveyor.com/project/emcniece/cncjs) then the next step might be to manually confirm that each of these builds results in functional apps in its respective platform. |
It's going to be resovled with the upcoming 1.10.x releases. |
Description
Currently, the repository does not provide a
package-lock.json
. Therefore there is no way to reproduce the exact dependency set as used to build the provided release.Please consider providing the
package-lock.json
used to create release, by either make them part of the release source distribution or by manage it as part of the repository (the later is preferred).This would also enable other benefits like caching of
node_modules
on CI by hashing the lock file.Versions
Operating System
The text was updated successfully, but these errors were encountered: