Ability to validate lockfileVersion #128
Comments
|
Totally understand where this is helpful to force a specific one version for the team, but I think this shouldn't be done with lockfile-lint, but rather with something like nvm's Does that make sense? |
|
I see what you mean with .nvmrc however that doesn't force the version as the developer needs to remember to run Current example is, I use the default npm version with Node 10 however a team member had upgraded to the latest npm while still on Node 10. This meant I was on lockfileVersion 1 and they were on 2 |
|
So, some ideas for other workarounds that can apply here:
Any of this is helpful? |
|
It may be compatible but we had the issue of the package-lock rewriting itself to match the correct schema for the npm version used and switching back and forth. So wanted to have something that would automatically flag this. lockfile-version in Looking more at |
🤗
Nope. It doesn't force a trust policy, but merely sets the default upstream repository for when you do |
|
Very true, thanks again for the suggestions 😄 |
|
Anytime! |
Is your feature request related to a problem? Please describe.
Using npm in a team has the ability for different engineers to install different npm versions, these different versions can change the lockfileVersion field as the schema changes https://docs.npmjs.com/cli/v8/configuring-npm/package-lock-json#lockfileversion
Describe the solution you'd like
A flag to pass the version it should be and it validates the real version match.
Describe alternatives you've considered
Please describe alternative solutions or features you have considered.
Notes
Yarn does not have this field but instead has a comment https://classic.yarnpkg.com/lang/en/docs/yarn-lock/. This could be an npm only feature?
Would require changing the format returned from parsing so not just a list of dependencies is returned
The text was updated successfully, but these errors were encountered: