Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remove package-lock.json? #3792

Closed
mgol opened this issue Sep 20, 2017 · 3 comments
Closed

Remove package-lock.json? #3792

mgol opened this issue Sep 20, 2017 · 3 comments
Labels

Comments

@mgol
Copy link
Member

@mgol mgol commented Sep 20, 2017

Description

npm 5, even the version included in the latest Node.js 8.5.0 re-generates package-lock.json on each install. And when it does on a system that doesn't support all the optional dependencies that are supported on the OS where the lockfile was generated, it removes those optional deps from the lockfile.

The effect is that everyone firing npm install on our repo on any OS other than macOS will immediately get a dirty state of the repo as the fsevents dependency subtree gets removed from package-lock.json. That's a really bad experience.

Link to test case

@mgol mgol changed the title Remove package-lock.json Remove package-lock.json? Sep 20, 2017
@timmywil
Copy link
Member

@timmywil timmywil commented Sep 20, 2017

hmm, it shouldn't regenerate the lockfile. Otherwise, what's the point of a lockfile? Has this been reported to npm?

@mgol
Copy link
Member Author

@mgol mgol commented Sep 20, 2017

It seems to be npm/npm#18135, open since August 10. No feedback from the npm team so far.

@dmethvin
Copy link
Member

@dmethvin dmethvin commented Sep 20, 2017

Interesting that yarn does install everything and has an opposite problem: yarnpkg/yarn#4190

@mgol mgol closed this in 7037fac Sep 25, 2017
@mgol mgol removed the Needs review label Sep 25, 2017
@lock lock bot locked as resolved and limited conversation to collaborators Jun 17, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
3 participants