Increase NPM version requirement and regenerate package lockfiles #287
The issue I am (still) seeing with this is that people locally can use npm 6, and Node 12 or so. And everything is fine. Until they install or update a dependency, in which case they would generate a v1 lockfile, and again produce a massive change. In the other PR, I said:
By that, I did not mean to just use npm 7+ and push a v2 lockfile, but actually state that the coding standards (i.e., the ESLint and stylelint configs) require npm and Node in a specific version. Since we do not really require any specific version, but want people not to "downgrade" the lockfile, this should do:
"engines": {
  "npm": ">=7.0.0",
  "node": ">=15.0.0"
}
But my understanding is we need this to run on node 12 and npm 6 (as is the current requirement of the Altis build pipeline unless it has changed since Feb). If so, I don’t think we can set the engine above that, which could still cause generation of v1 lock files.
Node 12 is what the build pipeline currently has installed, yes. But that is not a requirement in terms of "you cannot use anything newer". I know of projects that are using Node 14, and I think some are looking to use 16 or even Node 18.
@tfrommen I've updated this to add the following.
👍
Looks good, thanks @mattheu
@tfrommen suggested in another PR that we regenerate the package-lock.json to use version 2 as a separate Pull Request to keep the size of the change down. One thing raised in that conversation was that we need to ensure backwards compatibility with Node 12 and NPM 6 as this is what is used by the Altis Build pipeline. I'd just like to be clear that npm 6 does indeed support lockfile v2 so this change should be fine.
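The lockfile "downgrade" concern discussed in this thread can be caught in CI rather than in review. The following is an added example, not code from this PR or the project: the function names and sample objects are constructed, and it assumes the `engines` ranges use the `>=X.Y.Z` form shown above.

```javascript
// Added example: CI guard against a package-lock.json downgrade to v1.
// Function names and sample objects are constructed for illustration.

// Extract the minimum major version from a ">=X.Y.Z" range (the form used
// in this thread). Returns null for any other range syntax.
function minMajor(range) {
  const m = /^\s*>=\s*(\d+)(?:\.\d+){0,2}\s*$/.exec(range || "");
  return m ? Number(m[1]) : null;
}

// pkg: parsed package.json, lock: parsed package-lock.json.
// Returns a list of problems; an empty list means the check passed.
function checkLockfile(pkg, lock) {
  const problems = [];
  const version = Number(lock.lockfileVersion);
  if (!Number.isInteger(version) || version < 2) {
    problems.push(`lockfileVersion is ${lock.lockfileVersion}, expected 2 or higher`);
  }
  // v2 and v3 lockfiles carry a "packages" map; a v1 file has only "dependencies".
  if (typeof lock.packages !== "object" || lock.packages === null) {
    problems.push('lockfile has no "packages" section (v1 layout)');
  }
  const npmMajor = minMajor(pkg.engines && pkg.engines.npm);
  if (npmMajor === null || npmMajor < 7) {
    problems.push('package.json "engines.npm" does not require npm >= 7');
  }
  return problems;
}

// Constructed sample inputs.
const pkg = { name: "example", engines: { npm: ">=7.0.0", node: ">=15.0.0" } };
const lockV2 = { lockfileVersion: 2, packages: { "": { name: "example" } }, dependencies: {} };
const lockV1 = { lockfileVersion: 1, dependencies: {} };

console.log(checkLockfile(pkg, lockV2)); // no problems
console.log(checkLockfile(pkg, lockV1)); // version and layout problems
```

The `engines` field on its own only produces a warning unless npm's `engine-strict` setting is enabled, so a check like this is what actually blocks a v1 lockfile from being merged.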