Increase NPM version requirement and regenerate package lockfiles #287
Conversation
|
The issue I am (still) seeing with this is that people locally can use npm 6, and Node 12 or so. And everything is fine. Until they install or update a dependency, in which case they would generate a v1 lockfile, and again produce a massive change. In the other PR, I said:
By that, I did not mean to just use npm 7+ and push a v2 lockfile, but actually state that the coding standards (i.e., the ESLint and stylelint configs) require npm and Node in a specific version. Since we do not really require any specific version, but want people not to "downgrade" the lockfile, this should do: "engines" : {
"npm" : ">=7.0.0",
"node" : ">=15.0.0"
} |
|
But my understanding is we need this to run on node 12 and npm 6 (as is the current requirement of the Altis build pipeline unless it has changed since Feb. If so I don’t think we can set the engine above that, which could still cause generation of v1 lock files. |
Node 12 is what the build pipeline currently has installed, yes. But that is not a requirement in terms of "you cannot use anything newer". I know of projects that are using Node 14, and I think some are looking to use 16 or even Node 18. |
|
@tfrommen I've updated this to add the following.
|
mattheu
changed the title
@tfrommen suggested in another PR that we regenerate the
package-lock.jsonto use version 2 as a separate Pull Request to keep the size of the change down.One thing raised in that conversation was that we need to ensure backwards compatibility with Node 12 and NPM 6 as this is what is used by the Altis Build pipeline. I'd just like to be clear that npm 6 does indeed support lockfile v2 so this change should be fine. .